diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index 665dc0182..427c81dec 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -122,7 +122,6 @@ our %EXPORT_TAGS = (
 log_rule
 expand_rule
 addnatjump
- insertnatjump
 get_interface_address
 get_interface_addresses
 get_interface_bcasts
@@ -2036,21 +2035,6 @@ sub addnatjump( $$$ ) {
 }
 }
-#
-# If the destination chain exists, then at the position in the source chain given by $$countref, add a jump to the destination.
-#
-sub insertnatjump( $$$$ ) {
- my ( $source, $dest, $countref, $predicates ) = @_;
-
- my $destref = $nat_table->{$dest} || {};
-
- if ( $destref->{referenced} ) {
- insert_rule $nat_table->{$source} , ($$countref)++, $predicates . "-j $dest";
- } else {
- clearrule;
- }
-}
-
 sub emit_comment() {
 emit ( '#',
 '# Establish the values of shell variables used in the following function calls',
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index 7fd6306c7..e86c35b72 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -1478,31 +1478,11 @@ sub generate_matrix() {
 #
 start_matrix;
- my $prerouting_rule = 1;
- my $postrouting_rule = 1;
 my $exclusion_seq = 1;
 my %chain_exclusions;
 my %policy_exclusions;
 my @interfaces = ( all_interfaces );
- for my $interface ( @interfaces ) {
- addnatjump 'POSTROUTING' , snat_chain( $interface ), match_dest_dev( $interface );
- }
-
- if ( $config{DYNAMIC_ZONES} ) {
- for my $interface ( @interfaces ) {
- addnatjump 'PREROUTING' , dynamic_in( $interface ), match_source_dev( $interface );
- }
- }
-
- addnatjump 'PREROUTING' , 'nat_in' , '';
- addnatjump 'POSTROUTING' , 'nat_out' , '';
-
- for my $interface ( @interfaces ) {
- addnatjump 'PREROUTING' , input_chain( $interface ) , match_source_dev( $interface );
- addnatjump 'POSTROUTING' , output_chain( $interface ) , match_dest_dev( $interface );
- }
-
 #
 # Special processing for complex zones
 #
@@ -1610,7 +1590,7 @@ sub generate_matrix() {
 my $source = match_source_net $net;
- insertnatjump 'PREROUTING' , dnat_chain $zone, \$prerouting_rule, join( '', match_source_dev( $interface), $source, $ipsec_in_match );
+ addnatjump 'PREROUTING' , dnat_chain $zone, join( '', match_source_dev( $interface), $source, $ipsec_in_match );
 if ( $chain2 ) {
 if ( @$exclusions ) {
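Review bot: The new addnatjump call at -1610 no longer goes through the `$destref->{referenced}` guard that the deleted insertnatjump applied before inserting, so whether an unreferenced `dnat_chain $zone` still receives a `-j` from PREROUTING now rests entirely on addnatjump performing the same check; addnatjump's body is not in this diff, so that cannot be confirmed here. If it does not, the generated PREROUTING chain would carry jumps to chains that are never created and the script would fail at load time. Confirm the guard is present in addnatjump and, if so, record it at the call site with `# addnatjump only emits the jump when dnat_chain $zone is referenced`. generate_matrix begins and ends outside both hunks on this line.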
@@ -1809,6 +1789,27 @@ sub generate_matrix() {
 }
 }
 }
+ #
+ # Add Nat jumps
+ #
+ for my $interface ( @interfaces ) {
+ addnatjump 'POSTROUTING' , snat_chain( $interface ), match_dest_dev( $interface );
+ }
+
+ if ( $config{DYNAMIC_ZONES} ) {
+ for my $interface ( @interfaces ) {
+ addnatjump 'PREROUTING' , dynamic_in( $interface ), match_source_dev( $interface );
+ }
+ }
+
+ addnatjump 'PREROUTING' , 'nat_in' , '';
+ addnatjump 'POSTROUTING' , 'nat_out' , '';
+
+ for my $interface ( @interfaces ) {
+ addnatjump 'PREROUTING' , input_chain( $interface ) , match_source_dev( $interface );
+ addnatjump 'POSTROUTING' , output_chain( $interface ) , match_dest_dev( $interface );
+ }
+
 #
 # Now add the jumps to the interface chains from FORWARD, INPUT, OUTPUT and POSTROUTING
 #
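Review bot: The relocated block's `# Add Nat jumps` comment does not say why it now sits after the zone loop, yet that placement is what keeps the per-zone DNAT jumps ahead of the nat_in and input_chain jumps in PREROUTING once insertnatjump's positional insert is gone (hunk at -1610 earlier in this file). Rule order in PREROUTING decides which DNAT target a packet hits, so a later maintainer moving this block back up would silently change NAT behaviour without any diagnostic. Suggest widening the comment to `# Add Nat jumps -- must follow the per-zone DNAT jumps above so those stay first in PREROUTING`. generate_matrix continues past the end of the hunk.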