OK, solved. Well, maybe not solved, but at least I now know the culprit.
Filippo, it was your question on the Shorewall mailing list from October 2014 about NFQUEUE that caught my eye. I'd been going through all the Shorewall configuration files looking to see exactly what was set up. I didn't know what the action.NFQBY file was doing, so I Googled it. That led me to your post, where you mentioned that it was for a snort/suricata setup.
So, as a test I turned off IPS via the GUI. Guess what, 200+Mbps again.
Just to make sure this wasn't a fluke, I have now stopped/re-started IPS a number of times with consistent results. IPS on, 85Mbps. IPS off, 200Mbps.
Looks like some interaction between the 2 is doing this, because it's only when both are turned on that I'm seeing this. Stopping either Shorewall or IPS restores my download speeds.
BTW, looking at the Services tab on Dashboard, how do you have a service with a status of "Disabled" be in a "Running" state? I now have 2: snortd and xl2tpd.
Cheers.