diff --git a/Shorewall/firewall b/Shorewall/firewall
index efb9dc404..2e2143bfe 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -2094,7 +2094,7 @@ add_a_rule()
 if [ -n "$natrule" ]; then
 add_nat_rule
 elif [ -n "$addr" -a "$addr" != "$serv" ] || [ -n "$servport" -a "$servport" != "$port" ]; then
- fatal_error "Only DNAT and REDIRECT rules may specify port mapping; rule \"$rule\""
+ fatal_error "Only DNAT and REDIRECT rules may specify destination mapping; rule \"$rule\""
 fi
 if [ -z "$dnat_only" -a $chain != ${FW}2${FW} ]; then
@@ -2274,18 +2274,22 @@ process_rule() # $1 = target
 if [ "x$chain" = x${FW}2${FW} ]; then
 case $logtarget in
- REDIRECT)
+ REDIRECT|DNAT)
+ #
+ # Redirect rules that have the firewall as the source are fw->fw rules
+ #
 ;;
 *)
 error_message "WARNING: fw -> fw rules are not supported; rule \"$rule\" ignored"
 return
 ;;
 esac
- fi
+ else
- # Create the canonical chain if it doesn't already exist
+ # Create the canonical chain if it doesn't already exist
- [ $command = check ] || ensurechain $chain
+ [ $command = check ] || ensurechain $chain
+ fi
 # Generate Netfilter rule(s)
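Review bot: The comment added under the `REDIRECT|DNAT)` arm in the second hunk still describes only redirect rules, although the arm now also lets DNAT rules past the fw -> fw check without the warning. With `ensurechain $chain` moved into the `else` branch, no fw2fw chain is created for these rules, and the first hunk's context line `if [ -z "$dnat_only" -a $chain != ${FW}2${FW} ]` suggests add_a_rule also skips the filter rule for that chain, so presumably only the nat rule is emitted. That is worth stating so an administrator auditing the ruleset does not expect a matching filter entry: `# REDIRECT and DNAT rules with the firewall as source are fw->fw rules; no fw2fw chain is created for them`. The body of process_rule starts and ends outside the hunk, so the effect on the rule generation that follows should be confirmed there.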