So, if ext_eth - is looking to router and int_eth is looking to LAN, then you need rules:
Code:
iptables -t nat -A PREROUTING -p tcp -d <IP_ext_int> --dport <YOUR_PORT> -j DNAT --to-destination <IP_int_eth>:<PORT>
iptables -t nat -A FORWARD -i ext_eth -o int_eth -j ACCEPT
iptables -t nat -A FORWARD -o ext_eth -i int_eth -j ACCEPT
echo "1" > /proc/sys/net/ipv4/ip_forward
After this, if you will connect to your ext_eth:50000 (for ex.) packets will be forwarded to <IP_int_eth>:<PORT>
If you would like to add more security and check source IP address of request, you need to add it to forward chain.
Something like this.