Rather than bash, shell scripts should have #!/bin/sh as their first line and you'll also need to make sure that it is executable (chmod 755 <>).
One thing I just realised, you didn't specify whether the internal network uses public addresses (in which case all you are doing is firewalling and routing) or uses private addresses (in which case you want to firewall and NAT). Given that you have the "Enable masquerade" line then I think you are looking for the private address scenario.
Here's my iptables.save, it's in a slightly different format than the raw commands but you should be able to work out the raw commands from it:
# Generated by iptables-save v1.4.2 on Sun Jun 28 19:33:52 2009
*nat
:PREROUTING ACCEPT [16:927]
:POSTROUTING ACCEPT [1:76]
:OUTPUT ACCEPT [2:152]
-A PREROUTING -p udp -m udp --dport 10000 -j DNAT --to-destination 192.168.1.1
-A PREROUTING -p tcp -m tcp --dport 1723 -j DNAT --to-destination 192.168.1.1
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sun Jun 28 19:33:52 2009
# Generated by iptables-save v1.4.2 on Sun Jun 28 19:33:52 2009
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [22234:281341606]
:block - [0:0]
-A INPUT -i ppp0 -p icmp -m limit --limit 10/sec -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i ppp0 -m state --state INVALID,NEW -j DROP
-A INPUT -j block
-A FORWARD -p tcp -m tcp --dport 1723 -j ACCEPT
-A FORWARD -p udp -m udp --dport 10000 -j ACCEPT
-A FORWARD -i ppp0 -m state --state INVALID,NEW -j DROP
-A FORWARD -j block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block -i ! ppp0 -m state --state NEW -j ACCEPT
-A block -j DROP
COMMIT
# Completed on Sun Jun 28 19:33:52 2009
# Generated by iptables-save v1.4.2 on Sun Jun 28 19:33:52 2009
*mangle
:PREROUTING ACCEPT [22408:281332084]
:INPUT ACCEPT [22348:281321477]
:FORWARD ACCEPT [60:10607]
:OUTPUT ACCEPT [22234:281341606]
:POSTROUTING ACCEPT [22275:281351273]
COMMIT
# Completed on Sun Jun 28 19:33:52 2009
# Generated by iptables-save v1.4.2 on Sun Jun 28 19:33:52 2009
*raw
:PREROUTING ACCEPT [22408:281332084]
:OUTPUT ACCEPT [22234:281341606]
COMMIT
# Completed on Sun Jun 28 19:33:52 2009
So to start with I run private IP addresses internally on my LAN and my Internet facing interface is ppp0 rather than your eth1. If you need to run NAT you can probably adapt what I have simply by replacing ppp0 with eth1. The numbers in square brackets are just counter values at the time I ran iptables-save.
First block is for the nat table, it sets the policies and then port forwards UDP 10000 and TCP 1723 to the box I use for downloading torrents which is 192.168.1.1.
Next block is the main one. It first of all sets up the policies for the chains including introducing a new chain called "block" of which more later.
First rule is to rate limit ICMP - ICMP is needed for Path MTU Discovery and other stuff so we want it working, but rate limit it to avoid being flooded with it leading to a Denial-of-Service.
Next rules are to accept SSH, SMTP, HTTPS and HTTP - the services I expose to the Internet.
The next rule says any other invalid or new connections from the Internet get dropped (i.e. stealth the ports).
Everything else goes to the block chain.
The FORWARD chain has rules for accepting the forwarded ports, dropping the invalid or new connections from the Internet and going to the block chain for everything else.
The block chain says to accept everything related or established. Then anything not from the Internet (i.e. loopback or LAN) in state NEW also gets accepted; finally, everything else (which should be new or invalid from the Internet) gets dropped.
The mangle and raw chains are just left at their defaults.
This should help; if not, I can try and decode to raw commands for you. The one area I think might be a little tricky is FTP as it does funny things with command and data, but SSH and HTTP should be a copy of what I have.
I found a guide years ago to securing your Linux server, I forget the name - it was something controversial that happened to also be a mountain range in Utah or similar, but that put me on to the basics of the iptables. Maybe someone has better Google-fu than me and can find it.
Let me know how it goes!
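The conversion the reply above mentions (iptables-save format back to raw iptables commands), as an added example that is not part of the original post. The function names save_to_commands and sample_rules are hypothetical, the sample is an excerpt of the filter table shown above, and the script only prints commands without applying anything.

```shell
#!/bin/sh
# Added example: convert iptables-save output (stdin) into raw iptables
# commands (stdout). Nothing is applied to the running firewall.
save_to_commands() {
    awk '
    /^#/ || /^COMMIT/ || /^[ \t]*$/ { next }      # comments, COMMIT, blank lines
    /^\*/ { table = substr($0, 2); next }         # "*filter" selects the table
    /^:/ {                                        # ":CHAIN POLICY [pkts:bytes]"
        chain = substr($1, 2)
        if ($2 == "-")                            # "-" marks a user-defined chain
            printf "iptables -t %s -N %s\n", table, chain
        else                                      # built-in chain: set its policy
            printf "iptables -t %s -P %s %s\n", table, chain, $2
        next
    }
    /^-A / {
        rule = $0
        # iptables-save v1.4.2 wrote negation as "-i ! ppp0"; current man pages
        # document it as "! -i ppp0", so move the "!" in front of the option.
        while (match(rule, / -[a-z] ! /)) {
            opt = substr(rule, RSTART + 1, 2)
            rule = substr(rule, 1, RSTART) "! " opt " " substr(rule, RSTART + RLENGTH)
        }
        printf "iptables -t %s %s\n", table, rule
    }'
}

# Sample input: a few lines excerpted from the filter table in the post above.
sample_rules() {
    cat <<'EOF'
# Generated by iptables-save v1.4.2 on Sun Jun 28 19:33:52 2009
*filter
:INPUT ACCEPT [0:0]
:block - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j block
-A block -i ! ppp0 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

sample_rules | save_to_commands
```

Chain declarations come before the rules in iptables-save output, so the printed `-N block` line precedes every rule that jumps to that chain.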