Well In researching this some guy wanted to use this technique to authenticate users at a satellite office using port 135 for active directory. Port 135 will only respond if you are on the same subnet. So I plugged it straight into my modem got an ip off. 24.151.10.x 255.255.248.0 Went to my friends house his IP was in the same subnet and I was able to nmap the port and it was open.
My next question requires a little of a setup. the server is 192.168.2.3 and the router is 192.168.2.1. So if you forward the port and try to connect to it wont the request look like it is coming from 192.168.2.1? Which is on the same subnet.
Last question is on my logs for my router at work I see port scan attempts from 192.168.x.x and our range is 10.10.10.x. How do people spoof internal IP's to do an attack?