To save some other bonehead (like myself) hours of troubleshooting, it would be my humble suggestion to add a note in the documentation about the providers file ( http://www.shorewall.net/MultiISP.html , etc. ) that you cannot use wildcard interfaces, eg ppp+, or in my case gre+, for the copy field. For the curious, I spent a good 3-4 hours trying to figure out what blackhole my packets, that should have been routed from one gre tunnel to another, were going to. It took me 10 minutes to figure out they were trying to go out the wrong interface, and an unimpressive 3+ hours to figure out that maybe I should try looking at the other tables as well. Thank you, Bryan Vukich Network Administrator The Olson Company ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV