try this now without iptables!
## set up a 2 pair of veth devices to handle inbound and outbound traffic
ip link show | grep veth0 || ip link add type veth
## get new veth interfaces up
ip link set veth0 up
ip link set veth1 up
## trun on promisc mode,sometimes it's needed to make bridge work
ip link set veth1 promisc on
## add veth1,veth3 to bridge
brctl addif br-lan veth1
## just to make sure there's nothing inside those 2 tables
ip rule del priority 100
ip route flush table 100
## add routing for veth0 this will handle all slow traffic
ip route add default dev veth0 table 100
ip rule add iif eth1 table 100 priority 100
also go to your lan interface and add veth1 to the bridge.
add this to your /etc/config/network
config interface 'veth1'
option proto 'none'
option ifname 'veth0'
option auto '1'
run a download then look at network--->interface-->veth0
