Sorry, I have been busy in Real Life (TM).
Your ip_forward looks good.
For your iptables -L -nv -t nat output, the eth0 does not need to be redirected to tcp 3128. I'm assuming eth0 goes to the internet/public.
You only need to forward/redirect your eth1 (LAN) to tcp 3128 squid.
As for blocking bittorrent, I set my iptables up a bit differently, and it is probably not suitable for your setup. Basically I do not masquerade all clients out, only selected client IPs to selected ports.
Also in my iptables FORWARD I explicitly deny all high ports not destined for the LAN, something like this:
iptables -A FORWARD -p tcp -s my.lan.network/24 --sport 1024:65535 -d ! my.lan.network/24 --dport 1024:65535 -j REJECT
iptables -A FORWARD -p udp -s my.lan.network/24 --sport 1024:65535 -d ! my.lan.network/24 --dport 1024:65535 -j REJECT
I've heard about L7 iptables but to be honest have not used one.
Perhaps this link could shed some light.
http://serverfault.com/questions/270...-p2p-protocols
I'm not sure if squid can block bittorrent. Perhaps it is possible, but I'd imagine your acl needs some configuration to block them.
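
An added example, not part of the original post: a small audit of iptables-save style nat rules that flags any REDIRECT to the squid port that is not bound to the LAN interface. It assumes eth1 is the LAN, eth0 is public and squid listens on tcp 3128, as in the post; the function name and the sample ruleset are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit nat rules for squid REDIRECTs on the wrong interface.
# Assumptions: eth1 = LAN, eth0 = public, squid on tcp 3128.

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# audit_redirects LAN_IF [PORT]
# Reads iptables-save text on stdin and prints every REDIRECT-to-PORT rule
# that is not limited to LAN_IF. Returns 1 if any such rule is found.
audit_redirects() {
    local lan_if="$1" port="${2:-3128}" bad=0 line in_if
    while IFS= read -r line; do
        # Trailing space is appended so that 3128 does not match 31280.
        case "$line " in
            -A*"-j REDIRECT "*"--to-ports $port "*) ;;
            *) continue ;;
        esac
        # Value following -i; empty when the rule names no input interface.
        in_if=$(printf '%s\n' "$line" | sed -n 's/.* -i \([^ ]*\).*/\1/p')
        # A negated match (! -i ethX) is never "LAN only", so mark it.
        case "$line" in
            *"! -i "*) in_if="!$in_if" ;;
        esac
        if [ "$in_if" != "$lan_if" ]; then
            printf 'unexpected: in-if=%s :: %s\n' "${in_if:-any}" "$line"
            bad=1
        fi
    done
    return "$bad"
}

# Demo on the constructed sample; on a live box feed it `iptables-save -t nat`.
printf '%s\n' "$SAMPLE_RULES" | audit_redirects eth1 || true
```

On the sample this reports only the eth0 rule, which is the one that does not need to be there.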