Hi all,

I am very new to traffic control. I read the LARTC HOWTO and I am currently using the script in ch15 (cookbook) with some restrictions: I excluded the ingress section and I implemented the rest on both interfaces of my firewall (eth0, the internet interface, and eth1, the LAN interface). Find below the script used on eth1 (ssh priority one and all others 2):

#####################################
# Egress on eth1: the LAN interface
#####################################
DEV=eth1

# install root HTB, point default traffic to 1:20
$TC qdisc add dev $DEV root handle 1: htb default 20

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
$TC class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k

# high prio class 1:10:
$TC class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit burst 6k prio 1

# bulk & default class 1:20 - gets slightly less traffic and a lower priority:
$TC class add dev $DEV parent 1:1 classid 1:20 htb rate 64kbit ceil ${UPLINK}kbit burst 3k prio 2

# both get Stochastic Fairness:
$TC qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
$TC filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:10
$TC filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip dport 22 0xffff flowid 1:10
$TC filter add dev $DEV parent 1:0 protocol ip prio 1 u32 match ip sport 22 0xffff flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we can do
# measurements & impress our friends:
$TC filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets of
# the download in the interactive class:
$TC filter add dev $DEV parent 1: protocol ip prio 10 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
#####################################

The same on eth0 with DEV=eth0.

I tried the script in my lab using one PC as firewall with 2 eth interfaces, one connected to my LAN and the other to a PC simulating the internet, and everything worked fine. When implemented on my real firewall connected to the internet, I didn't get the desired result that I got in the test (ssh or scp doesn't get the first priority ...).

I am somewhat confused. Please, any help?

Regards
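
Added example, not part of the original post: a Python model of the u32 filters in the script above, useful for checking offline which packets they send to 1:10 and which fall through to the default 1:20. The function names, addresses (documentation ranges) and sample packets are constructed for illustration; it models classification only, not HTB scheduling.

```python
import struct

def u8(p, off, val, mask=0xFF):
    """u32 'match u8 VAL MASK at OFF' against raw IPv4 packet bytes."""
    return len(p) > off and (p[off] & mask) == val

def u16(p, off, val, mask=0xFFFF):
    """u32 'match u16 VAL MASK at OFF' (network byte order)."""
    return len(p) >= off + 2 and (struct.unpack_from("!H", p, off)[0] & mask) == val

def classify(p: bytes) -> str:
    """Return the class the posted filters select. Every filter points at
    1:10, so filter prio order does not change the outcome."""
    rules = [
        u16(p, 22, 22),   # match ip dport 22 0xffff  (fixed offset 22)
        u16(p, 20, 22),   # match ip sport 22 0xffff  (fixed offset 20)
        u8(p, 1, 0x10),   # match ip tos 0x10 0xff
        u8(p, 9, 1),      # match ip protocol 1 0xff  (ICMP)
        # small pure-ACK filter: TCP, IHL == 5, total length < 64, flags == ACK
        u8(p, 9, 6) and u8(p, 0, 0x05, 0x0F)
            and u16(p, 2, 0x0000, 0xFFC0) and u8(p, 33, 0x10),
    ]
    return "1:10" if any(rules) else "1:20"   # 'htb default 20'

def ipv4_tcp(sport, dport, flags, payload_len=0, tos=0, ihl=5):
    """Build a constructed IPv4/TCP packet (checksums left at zero)."""
    total = ihl * 4 + 20 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, tos, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    ip += b"\x01" * ((ihl - 5) * 4)           # NOP padding when IP options present
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + tcp + b"\x00" * payload_len

if __name__ == "__main__":
    samples = {
        "ssh keystroke to :22":       ipv4_tcp(40000, 22, 0x18, 48, tos=0x10),
        "scp bulk to :22":            ipv4_tcp(40000, 22, 0x10, 1400, tos=0x08),
        "pure ACK of a download":     ipv4_tcp(40000, 80, 0x10),
        "http data segment":          ipv4_tcp(40000, 80, 0x18, 1400),
        "ssh with IP options (IHL6)": ipv4_tcp(40000, 22, 0x18, 48, ihl=6),
    }
    for name, pkt in samples.items():
        print(f"{name:28s} -> {classify(pkt)}")
```

The port matches select on port number alone, so scp bulk transfers share 1:10 with interactive ssh, and because the offsets are fixed they assume a 20-byte IP header.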