Just an update. It seems source-hash, for whatever reason, simply doesn't work for me. I did find an older post that exhibits a similar issue: http://www.monkey.org/openbsd/archive/bugs/0403/msg00211.html
Round-robin works fine, but source-hash will always leave some systems blind to the Internet; they can ping the gateway's internal interface but not the external interface. On a more upbeat note, I discovered "sticky-address" which, if it doesn't cause the problems that source-hash did, will be a very good solution, ameliorating the issues caused by round-robin alone; plus, as an added bonus, will allow me to use a table instead of a CIDR block. I have implemented it, so far, so good. My fingers are crossed that the same side effect caused by source-hash doesn't appear. Chris
