After a lengthy session with tcpdump, Wireshark, and World of Warcraft (a story for another day) I finally figured out one of the major causes of our bandwidth management ailments - the old Netcomm NB7 ADSL modem I'm using since we switched to a FreeBSD powered router appears to be royally fucked.
So I dug out the Telstra modem/router/WAP combo (which the Wifi frequently dies on but everything else was "okay" - "okay" being some measure of acceptable according to Telstra, which to everyone else probably means patently friggin' terrible), disabled Wifi on it and connected it up as just a modem to the WAN port of the FreeBSD machine.
So far so good - the internet was running fantastic all night. Until this morning, when we had no HTTP.
Everything else was working, including any sites you accessed over HTTPS. Turns out Telstra silently upgraded the Technicolor TG587n router to the latest firmware (10.3.T.M) over night and it broke a bunch of settings, leaving the web-interception shit apparently (from what I can tell) half-on. Enabling it and re-disabling it caused it to show correctly as disabled in the configuration window, and everything suddenly started working again.