Port forward PIX 506

a.karbani
Level 1

How to port forward to multiple IP Addresses on PIX 506.

1 Reply

jmia
Level 7

As an example -

If you wanted to port forward for SMTP on the PIX:

Create an ACL for SMTP access on the outside interface:

access-list smtp permit tcp any host 195.122.111.222 eq smtp

access-group smtp in interface outside

On the above ACL I have named it smtp but you can change this to fit your scenario.

Note - make sure your MX record for SMTP is also pointing to IP 195.122.111.222

Now, you'll need to create a static translation for SMTP for TCP port 25 - assuming that your mail server is hosted inside your LAN, let's say your internal mail server IP is: 10.1.1.10

So,

static (inside,outside) tcp 195.122.111.222 smtp 10.1.1.10 smtp netmask 255.255.255.255 0 0

The above is saying - any traffic that is received on the outside interface for smtp on IP 195.122.111.222, port forward to internal IP 10.1.1.10 on port 25 (smtp).

This is the same principle if you need to allow any other services into your internal LAN on specific ports. I am assuming that you have spare public IP addresses to play with here? If you only have the one public IP address available and this is being utilised by the PIX outside interface then you'll need to make a slight modification to your static statement - again assuming your PIX outside interface IP is 195.122.111.222

access-list smtp permit tcp any host 195.122.111.222 eq smtp

access-group smtp in interface outside

static (inside,outside) tcp interface smtp 10.1.1.10 smtp netmask 255.255.255.255 0 0

The difference above is that now you're using the outside interface IP address for your static translation by using the keyword "interface" in your static statement.

After you make any modification to ACLs or static statements you'll need to issue: clear xlate and save with: write mem

Also, read the following document:

http://www.cisco.com/warp/public/707/28.html

Now, does the above help or do you need further assistance? If it has helped, please rate the post!
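Added example, not part of the original reply or any Cisco tooling: a small Python check that cross-references the `access-list` permits bound to the outside interface against the `static` port forwards, so that each public address and port opened inbound has exactly one matching translation. The sample config is constructed from the commands in the reply plus one hypothetical extra permit (port 3389), and the `audit` function, its regexes and the partial port-name table are assumptions of this example.

```python
import re

# Constructed sample config: the commands from the reply above plus one
# hypothetical extra ACL line (port 3389) that has no matching static.
SAMPLE_CONFIG = """\
access-list smtp permit tcp any host 195.122.111.222 eq smtp
access-list smtp permit tcp any host 195.122.111.222 eq 3389
access-group smtp in interface outside
static (inside,outside) tcp interface smtp 10.1.1.10 smtp netmask 255.255.255.255 0 0
"""

# A few PIX service keywords mapped to port numbers (not the full list).
PORT_NAMES = {"smtp": 25, "www": 80, "https": 443, "ftp": 21, "pop3": 110}

ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)")
STATIC_RE = re.compile(r"^static \(inside,outside\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside")


def port(token):
    """Translate a service keyword or numeric string to a port number."""
    return PORT_NAMES.get(token) or int(token)


def audit(config, outside_ip):
    """Return (acl_without_static, static_without_acl) as sets of (proto, ip, port)."""
    acls, statics, bound = {}, set(), set()
    for line in config.splitlines():
        line = line.strip()
        if m := ACL_RE.match(line):
            name, proto, ip, p = m.groups()
            acls.setdefault(name, set()).add((proto, ip, port(p)))
        elif m := STATIC_RE.match(line):
            proto, pub_ip, pub_port, _in_ip, _in_port = m.groups()
            # "interface" stands for the PIX outside interface address.
            pub_ip = outside_ip if pub_ip == "interface" else pub_ip
            statics.add((proto, pub_ip, port(pub_port)))
        elif m := GROUP_RE.match(line):
            bound.add(m.group(1))
    # Only ACLs applied with access-group filter inbound traffic.
    permitted = set().union(*(acls.get(n, set()) for n in bound))
    return permitted - statics, statics - permitted
```

Run `audit(SAMPLE_CONFIG, "195.122.111.222")` against a saved copy of the running config: the first set lists inbound permits with no translation behind them, the second lists port forwards that no applied ACL permits.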
