...and of course, by asking a detailled question, and then spending a little 
time testing, I have now answered my own question.

1) slap in a router rule:
forward port 3784 to the m0n0 WAN interface

2) add m0n0 rules:
Firewall: Rules  -  WAN interface - TCP  *  *  LAN net  3784
Firewall: NAT : inbound - WAN  TCP  3784 - 65535  172.16.0.236  3784 - 65535

POSSIBLE BUG:
Firewall: NAT: Edit - even though there is only a single "Local port" field, 
when saved the "Firewall : NAT" rule shows a range - and will produce errors 
if it's calculation (see below) exceeds 65535
   if "External port range" is defined as 1025-65535
  and "Local port" is defined as 3784
  the resultant rule will define "Int. port range" as 3784 - 68295 (note 
port higher than 65535)
  when creating this rule it stopped me, saying the range was too high 
(which it is for us mere mortals)
  when modifying the rule to reproduce the error (to record the numbers 
here) it let me do it, no error reported, despite a clearly wrong range 
(xxxx - !> 68295 <!).

ALSO:
in
Firewall: NAT: Edit
Shouldn't there be an :
"Any port"
option for :
"Ext. port range"

and also in :
Firewall: NAT: Edit
Shouldn't the :
"Local port"
field offer a range (two fields) - or more likely shouldnt it's "hint:" text 
be modified/removed to reflect a single port field...as well as the NAT 
descriptor: "Int. port range" *not* show a range?

... or is it just that a range of the same size is assumed? (seems strange 
if so).

_________________________________________________________________
Protect your inbox from harmful viruses with new ninemsn Premium. Go to   
http://ninemsn.com.au/premium/landing.asp?banner=emailtag&referrer=hotmail