Most servers resolve the incoming connections to get hostnames.
You don't have any rules in the FORWARD chain to allow dns.
With FORWARD rules, don't add extra check unless they are necessary, eg,
don't specify both -i & -o interfaces. Also, -d ip numbers are unecessary as the interface has only one ip address..
Also, with an ACCEPT policy for INPUT & OUTPUT, you don't need to write ACCEPT rules (unless you have a DROP following).
When you DNAT, the port number is retained unless you specify a different one.. so --to-dest x.x.x.x:22
I suggest you have a good read of the BIG Iptables tutorial