This is possible using just extended access-lists. But to be more secure, you can also use the IOS Firewall Feature set to accomplish the same thing.

With just access-lists it would look something like this:

access-list 101 permit tcp any host pc1 eq 80

access-list 101 permit tcp any host pc1 eq 21

access-list 101 permit tcp any host pc1 eq 20

access-list 101 permit tcp any host pc2 eq 80

access-list 101 permit tcp any host pc2 eq 21

access-list 101 permit tcp any host pc2 eq 20

access-list 101 permit ip any host pc3

access-list 101 permit ip any host pc4

access-list 101 permit ip any host pc5

Now apply access-list 101 inbound on the outside interface of your router.

Sincerely,

David.