I suggest checking this out
SSH Proxy. He wrote it for Windows, but it would be even easier to implement in linux.
I'm actually getting the hardware together for a project just like this for my home network. The box will be my print server internally and my ssh proxy server externally. I've given it a lot of thought, and I have a few ideas about security:
You probably would want to create a completely separate user for the ssh proxy. If you have no other reason to ssh into your box, then you may want to config ssh to only allow connections from the "proxy" user (I believe you can do this in the ssh_config file) and while you're in the the config file, you probably want to disable root logins via ssh. Restricting ssh down to one (or two) users will make it harder for script kiddies with brute force ssh scanners to burn you. But be sure to use good strong passwords for the users (upper/lowercase, numbers, symbols, etc). It probably isn't a bad idea to use an unusual name for the "proxy" user too.
I'm assuming this Slack box is your primary box, so you're going to want to take a long hard look at what services you are running. For instance, if you live alone and are gone to work 8 (or more) hours a day, do you really need CUPS running while you are gone. Same for X. This box will be on the net, so limit your exposure. Take a look at what packages you have installed too. All software has holes. Remove the stuff you don't need/use.
Since my box isn't my primary box, I'm taking the further step of using a specialized server distro (Tiny Sofa Classic) - with everything I don't need disabled and/or removed. Most distros like this have taken extra measures (kernel patches, custom builds, etc.) to help keep things secure. Security is a relative concept, but I figure a step like this can't hurt.
My plan is to get this thing going this weekend. Assuming I do, I'll be back to this thread to revise this...or ask for help...depending on how difficult it ends up being.
