If you are able to change the router, then you only need to forward the port in the router (eg 3306) to the IP of the machine on the local network (eg 192.168.5.8). You don't need the iptable rules on the local machine, since it doesn't have direct access to the internet, so cannot do any network address translation (I'm presuming your router is the gateway).
When connecting from outside, you don't connect to 192.168.5.8 (since that is not the external address), but to the router IP (eg 188.8.131.52, or whatever it is). The router will transparently forward the traffic to the computer on the local network (and return replies).
Last edited by neonsignal; 11-20-2010 at 06:08 AM.