I think I found it:


	
Code:
	
iptables -t nat -A PREROUTING -i eth0 -p tcp -dport 80 -j DNAT -to 192.168.0.2:80

[root@codekrash ~]#  iptables -t nat -A PREROUTING -i eth0 -p tcp -sport 8080 -j DNAT -to 10.8.0.6
Bad argument `8080'

[root@codekrash ~]#  iptables -t nat -A PREROUTING -i eth0 -p tcp -sport 8080 -j DNAT -to 10.8.0.6:8080
Bad argument `8080'

[root@codekrash ~]# iptables -t nat -A PREROUTING -i eth1 -s 0.0.0.0/0 -d 10.8.0.6 -p tcp --dport 8080 -m state --state ESTABLISHED,RELATED -j ACCEPT

[root@codekrash ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    REJECT     all  --  0.0.0.0/0            127.0.0.0/8         reject-with icmp-port-unreachable
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1194
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3690
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
8    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
9    LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg 5/min burst 5 LOG flags 0 level 7 prefix `iptables denied: '
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            10.8.0.6            tcp dpt:8080 state RELATED,ESTABLISHED

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    SNAT       all  --  10.8.0.0/24          0.0.0.0/0           to:209.59.217.122

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

 iptables  -A FORWARD -i eth1 -s 0.0.0.0/0 -d 10.8.0.6 -p tcp --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            10.8.0.6            tcp dpt:8080 state NEW,RELATED,ESTABLISHED

iptables -A INPUT -i eth1 -s 0.0.0.0/0 -d $LANIP -p tcp --sport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -s 0.0.0.0/0 -d $INTERNETIP -p tcp --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables  -A FORWARD -i eth1 -s 0.0.0.0/0 -d $INTERNETIP -p tcp --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -t nat -A PREROUTING -d $INTERNETIP -p tcp --dport 8080 -j DNAT --to-destination $LANIP

#!/bin/bash
# Load all NAT and connection tracking netfilter modules for current kernel
find /lib/modules/$(uname -r)/kernel/net/netfilter/ 
    -name nf_\*.ko | sed 's/\.ko$//' | while read name; \
    do modprobe $(basename $name) ; done
find /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ \
    -name nf_\*.ko | sed 's/\.ko$//' | while read name; \
    do modprobe $(basename $name) ; done
find /lib/modules/$(uname -r)/kernel/net/ipv6/netfilter/ \
    -name nf_\*.ko | sed 's/\.ko$//' | while read name; \
    do modprobe $(basename $name) ; done