I tried ethereal, but unfortunately my gateway computer is not currently connected to a monitor, so I was running the packet sniffer over the network. Inevitably the sniffer was swamped by an avalanche of traffic from its own terminal, and no amount of grepping would produce sensible output.
I did find a workaround to my problem, though I still don't know the original cause. I have now connected my gateway to one of the LAN ports on the router, instead of the internet input port, and configured a static route using the router's web interface. This ensures that all traffic to external IPs is directed to the gateway on the LAN, and not to the router's non-existent external internet connection. Now I am getting full-speed uploads and downloads. No idea why this should make a difference; maybe the router's NAT/masquerading was clashing somehow with the masquerading in my gateway??
I also had to work around another bug, which I'll mention in case anybody else finds this thread in Google. There are two problems with the Netgear interface for setting up static routes: (1) you cannot include a default route, i.e. the subnet mask 0.0.0.0 is not accepted; and (2) the router's DHCP server will mysteriously stop working if you set up a static route that includes the address 255.255.255.255. To get around problem (1), you could define a default route in two parts:
IP: 18.104.22.168, SUBNET: 22.214.171.124, GATEWAY: gateway's IP on the LAN
IP: 126.96.36.199, SUBNET: 188.8.131.52, GATEWAY: gateway's IP on the LAN
Unfortunately, the second of these two routes includes the address 255.255.255.255, so your DHCP will stop working (don't ask why!). You can get around this by using the following set of routes, which include IP addresses from 0.0.0.0 to 184.108.40.206, i.e. all except the "IANA reserved" block:
IP: 220.127.116.11, SUBNET: 18.104.22.168 (includes 0-127)
IP: 22.214.171.124, SUBNET: 192.0.0.0 (includes 128-191)
IP: 192.0.0.0, SUBNET: 126.96.36.199 (includes 192-223)
IP: 188.8.131.52, SUBNET: 240.0.0.0 (includes 224-239)
Obviously you could continue this binary sequence to get 32 separate routes that include all addresses except 255.255.255.255, but this isn't necessary.