This is primarily what I am doing too.
The easiest, and cleanest way to do this is to create an alias for the ports you want to accept for that system.
PRT_SERVER
21,80,110,443 etc etc
Then create the firewall rule for the ports on the INTERNAL IP of your server.