by burnbabyburn 3279 days ago
The NAT table affects packets originating from the host and ones that are forwarded.
2 comments

You can absolutely NAT incoming packets using the NAT table. Put the rule into the PREROUTING chain and only change the port, not the dst IP. This trick is super useful for docker containers, and to allow unprivileged processes to listen on privileged ports.
It doesn't really make sense to talk about "incoming" packets at that point, as it is PREROUTING, so whether the destination address is local or not, and thus whether it's an incoming or a forwarded packet, has not been determined yet, and you can NAT however you like, local address to local address, local address to remote address, remote address to remote address, or remote address to local address.
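The trick described in the two comments above, as an added example that is not part of the thread: a PREROUTING rule that rewrites only the destination port (DNAT with a port-only `--to-destination`), so an unprivileged process bound to 8080 serves connections that arrive for port 80. The interface name `eth0`, the port pair 80/8080 and the use of the `conntrack` tool for verification are assumptions of this example, not something the commenters stated. The functions print the iptables commands rather than running them, so the script can be inspected first; `apply` runs them as root.

```shell
#!/bin/sh
# Added example, not code from the thread. Rewrite only the destination port
# in the nat PREROUTING chain; the destination IP is untouched, so the routing
# decision (local delivery vs. forwarding) is still made afterwards.
# Assumptions: iptables with the nat table, inbound interface eth0, 80 -> 8080.

# Rule for packets arriving from the network. They traverse nat/PREROUTING
# before routing, which is where the port rewrite has to happen.
prerouting_redirect_rule() {
    iface=$1; from=$2; to=$3
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination :%s\n' \
        "$iface" "$from" "$to"
}

# Locally generated packets (curl http://127.0.0.1/ on the host itself) never
# pass through PREROUTING; they hit nat/OUTPUT instead. Without this second
# rule the redirect works from outside but not from the host.
output_redirect_rule() {
    from=$1; to=$2
    printf 'iptables -t nat -A OUTPUT -o lo -p tcp --dport %s -j DNAT --to-destination :%s\n' \
        "$from" "$to"
}

# Both rules as a script fragment; pipe into sh as root to apply.
redirect_port() {
    prerouting_redirect_rule "$1" "$2" "$3"
    output_redirect_rule "$2" "$3"
}

# Verification commands. The conntrack entry shows the original dport (80) and
# the reply sport (8080): the reverse mapping is what rewrites the responses
# back, which is why only the first packet of a connection consults the table.
check_cmds() {
    printf 'iptables -t nat -L PREROUTING -n -v\n'
    printf 'iptables -t nat -L OUTPUT -n -v\n'
    printf 'conntrack -L -p tcp --dport %s\n' "$1"
}

if [ "${1:-}" = "apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root to apply" >&2; exit 1; }
    redirect_port eth0 80 8080 | sh -e
    check_cmds 80 | sh
fi
```

Because PREROUTING runs before the routing decision, the same rule also matches packets the host merely forwards if they arrive on `eth0` for port 80; adding `-d <this host's address>` to the PREROUTING rule confines the rewrite to traffic actually addressed to the host. The DNAT port-only form keeps the destination address intact, as the comment above suggests; a `REDIRECT` target would additionally change it to the interface's primary address.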
Exactly! So served HTTP requests wouldn't be affected.
But the responses would be, I think.