diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index f3631d839..632f60545 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -860,11 +860,12 @@ sub process_macro ( $$$$$$$$$$$$$ ) {
 	fatal_error "Invalid Action ($mtarget) in macro" unless $actiontype & ( ACTION +  STANDARD + NATRULE + MACRO );
 
 	if ( $msource ) {
-	    if ( ( $msource eq '-' ) || ( $msource eq 'SOURCE' ) ) {
+	    if ( $msource eq '-' ) {
 		$msource = $source || '';
-	    } elsif ( $msource eq 'DEST' ) {
-		$msource = $dest || '';
+	    } elsif ( $msource =~ s/^DEST:?// ) {
+		$msource = merge_macro_source_dest $msource, $dest; 
 	    } else {
+		$msource =~ s/^SOURCE:?//;
 		$msource = merge_macro_source_dest $msource, $source;
 	    }
 	} else {
@@ -872,11 +873,12 @@ sub process_macro ( $$$$$$$$$$$$$ ) {
 	}
 
 	if ( $mdest ) {
-	    if ( ( $mdest eq '-' ) || ( $mdest eq 'DEST' ) ) {
+	    if ( $mdest eq '-' ) {
 		$mdest = $dest || '';
-	    } elsif ( $mdest eq 'SOURCE' ) {
-		$mdest = $source || '';
+	    } elsif ( $mdest =~ s/^SOURCE:?// ) {
+		$mdest = merge_macro_source_dest $mdest , $source;
 	    } else {
+		$mdest =~ s/DEST:?//;
 		$mdest = merge_macro_source_dest $mdest, $dest;
 	    }
 	} else {
@@ -1862,6 +1864,8 @@ sub generate_matrix() {
 	addnatjump 'POSTROUTING' , snat_chain( $interface ), match_dest_dev( $interface );
     }
 
+    addnatjump 'PREROUTING', 'dnat', '';
+
     if ( $config{DYNAMIC_ZONES} ) {
 	for my $interface ( @interfaces ) {
 	    addnatjump 'PREROUTING' , dynamic_in( $interface ), match_source_dev( $interface );