hi,
not too clear. on which machine did you put the script? eth 1 router or the DMZ slack?
'if' this script was on the router,
and assuming eth0 is internet-facing NIC, then
Code:
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -d $IP0 --dport 8080 -j DNAT --to $INTIP:23
you dont need -d $IP0 - it will go nowhere since the incoming interface (internet) only know 1.2.3.4, and that -d $IP0 represents private address which is not internet-routable.
and, a bit complicated - but you should do a double DNAT which are 1 for the 1 router pointing to DMZ slack, and 1 for the DMZ slack pointing to internal server.
HTH.