This is possible using just extended access-lists. But to be more secure, you can also use the IOS Firewall Feature set to accomplish the same thing.
With just access-lists it would look something like this:
access-list 101 permit tcp any host pc1 eq 80
access-list 101 permit tcp any host pc1 eq 21
access-list 101 permit tcp any host pc1 eq 20
access-list 101 permit tcp any host pc2 eq 80
access-list 101 permit tcp any host pc2 eq 21
access-list 101 permit tcp any host pc2 eq 20
access-list 101 permit ip any host pc3
access-list 101 permit ip any host pc4
access-list 101 permit ip any host pc5
Now apply access-list 101 inbound on the outside interface of your router.
Sincerely,
David.