
As pointed out in the comments, the way to do this is to create two NAT rules for both internal services, like this:

# Inbound DNAT: map each public port to its internal service
iptables -t nat -A PREROUTING -d public.ip -p tcp --dport 4444 -j DNAT --to inthost1:12345
iptables -t nat -A PREROUTING -d public.ip -p tcp --dport 5555 -j DNAT --to inthost2:12345
# Hairpin: hide LAN clients behind the gateway so the server's reply comes back through the NAT box
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d inthost1 -p tcp --dport 12345 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d inthost2 -p tcp --dport 12345 -j MASQUERADE

This way if one internal host sends a packet to the other, it will appear to come from the "gateway" (the NAT box), so that the NAT box gets the reply and can forward it to the other internal box.
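The hairpin setup above, as an added example that is not part of the original answer: a POSIX shell script that generates the DNAT and MASQUERADE pairs for any number of forwarded services, adds the FORWARD rules and ip_forward setting the answer leaves implicit, and prints the rules by default so they can be reviewed before being applied. The public address 203.0.113.10 (TEST-NET-3), the hosts 192.168.0.11/192.168.0.12 and the service list are assumed placeholders.

```shell
#!/bin/sh
# Added example, not the original answer's code. Builds a hairpin-NAT ruleset:
# DNAT public ports to internal services, MASQUERADE LAN-originated hairpin
# flows so replies return via the gateway, and permit the flows in FORWARD.

PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # assumed public address of the NAT box
LAN="${LAN:-192.168.0.0/24}"              # internal network, as in the answer

# Constructed service list, one per line: "<public port> <internal host> <internal port>"
SERVICES="4444 192.168.0.11 12345
5555 192.168.0.12 12345"

# hairpin_rules prints the iptables commands for a service list to stdout.
hairpin_rules() {
    printf '%s\n' "$1" | while read -r pub_port host port; do
        [ -n "$pub_port" ] || continue
        # Inbound: rewrite public_ip:pub_port to the internal service.
        echo "iptables -t nat -A PREROUTING -d $PUBLIC_IP -p tcp --dport $pub_port -j DNAT --to-destination $host:$port"
        # Hairpin: a LAN client hitting the public address is DNATed above; without
        # this the server would answer the client directly, the client would see a
        # reply from the private address it never contacted, and the flow would reset.
        # Restricting -s to the LAN keeps external clients' real source addresses.
        echo "iptables -t nat -A POSTROUTING -s $LAN -d $host -p tcp --dport $port -j MASQUERADE"
        # Filter table: DNATed packets still traverse FORWARD, so allow them explicitly
        # (matters when the FORWARD policy is DROP).
        echo "iptables -A FORWARD -d $host -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    done
    # Return traffic for any accepted flow.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# count_rules returns the number of commands hairpin_rules emits for a list.
count_rules() {
    hairpin_rules "$1" | wc -l | tr -d ' '
}

# Default is a dry run; set DRY_RUN=0 on the NAT box to apply the rules.
if [ "${DRY_RUN:-1}" = "1" ]; then
    hairpin_rules "$SERVICES"
else
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    hairpin_rules "$SERVICES" | sh -e
fi
```

Because the MASQUERADE rule matches the post-DNAT destination and only LAN sources, the internal servers see hairpinned connections as coming from the gateway address, so their logs lose the originating client; external clients are unaffected. Run with DRY_RUN=1 (the default) to inspect the generated rules, then DRY_RUN=0 as root to apply them.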