127.0.0.1:22
When you DNAT, that puts the packet on the FORWARD chain, not the INPUT chain, so you that's where you ACCEPT rule needs to be. Remember that you also need to ACCEPT the packets going back out (also on the FORWARD chain) unless you already have a state ESTABLISHED rule covering them.