This doesn't exactly answer your question; however, one of the easiest ways to do this is by using two routers to put the computer you want to access from the Internet on a physically separated network from your other computers. A decent router will allow you to specify the source IP address and port forward to an internal IP.
Connect both routers to your main Internet router. Put the Internet-accessible computer behind one router and the rest of your computers behind a different router. Then, the Internet-accessible computer is on its own network and cannot see your other computers behind the other router. Don't forget to open a port on the router to the Internet-accessible computer and also on your main router to the Internet-accessible router.
You might not want to use a cheap consumer router that can be easily hacked from the Internet-accessible computer. Or, you could put something like dd-wrt firmware on the routers. Use a really long password on the routers to help prevent brute-forcing the routers' password.
If you wanted to get fancy, you could use something like a Raspberry Pi as your router(s). Then you can customize it to your liking.
EDIT:
You really need two routers connected to your main router. There is something called ARP Cache Poisoning that can allow a hijacked machine plugged into your main router to redirect all LAN traffic through the hijacked machine. This could allow the machine to hijack machines behind your other router. This is called a man-in-the-middle (MITM) attack.
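
The layout described in this answer, written as an nftables ruleset for a Linux box (such as a Raspberry Pi) acting as the router in front of the Internet-accessible computer. This is an added example, not part of the original answer; the interface names, all addresses, the forwarded port (TCP 22) and the rule that keeps the exposed computer off the main router's LAN are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example. Every name and address below is an assumption.
flush ruleset

define WAN_IF  = "eth0"          # uplink to the main Internet router
define LAN_IF  = "eth1"          # port the Internet-accessible computer plugs into
define SERVER  = 192.168.50.10   # the Internet-accessible computer
define ALLOWED = 203.0.113.25    # only remote source allowed in (documentation range)
define TRANSIT = 192.168.1.0/24  # main router's LAN, where the other router's WAN port sits

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # The exposed computer may use this router for DNS and DHCP only,
        # so it cannot reach the router's own admin services.
        iifname $LAN_IF udp dport { 53, 67 } accept
        iifname $LAN_IF tcp dport 53 accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Inbound: only the forwarded port, only from the allowed source.
        # DNAT has already rewritten the destination to $SERVER at this point.
        iifname $WAN_IF oifname $LAN_IF ip saddr $ALLOWED ip daddr $SERVER tcp dport 22 ct state new accept
        # Outbound: never let the exposed computer address hosts on the main
        # router's LAN (including the other router); the Internet is still allowed.
        iifname $LAN_IF oifname $WAN_IF ip daddr $TRANSIT drop
        iifname $LAN_IF oifname $WAN_IF accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Port forward, restricted by source IP address.
        iifname $WAN_IF ip saddr $ALLOWED tcp dport 22 dnat to $SERVER
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN_IF masquerade
    }
}
```

The main Internet router still needs its own port forward to this router's WAN address, and the ruleset assumes this router runs the DNS and DHCP services for the exposed computer.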