The process is fairly simple. You choose IP Public that want to be NAT-ed on 'ALIAS IP' and fill out both Source and Destination Port. For example, if you want to forward http request from outside, choose TCP protocol, pick IP Public on Alias drop down box, and finally put '80' on both Source and Destination port.
IPCOP supports many IP Public attached on single RED interface, just declare them on 'Aliases' page. For each, you can port forward virtually anything from one interface page. However, IPCOP does not support multiple WANs, and likely to be implemented soon. Here are example for Aliases:
Usually, your ISP gives you one IP if you're using normal broadband connection. But those who have more than 1 static IP, you can assign them here. Declare your IP on 'Alias IP' text box and give it proper name e.g: mail.xyz.com on 'Name' textbox. Name declared should match given from your ISP, although it's not mandatory but to avoid confusion. And no, you can't use your dynamic IP here. For Dynamic IP, there's feature on IPCOP called 'Dynamic DNS' but it's not a subject of this thread.
One thing, for port forwarding/NAT, you DON'T need to open port on External Access page, There's no need to. It was needed step on older IPCOP version, and affected ALL interfaces (RED, GREEN, BLUE, ORANGE) but today releases forbid you from doing so.
After you've done that, try ping your newly declared IP to check whether it's active or not. Don't close ICMP for all interfaces on Firewall Options page, it's unecessary. If you do so, you will be unable to ping your own IP Public, which is pretty absurd. Close ICMP for outside world only, and leave your LAN allowed.