diff --git a/Shorewall-perl/Shorewall/Nat.pm b/Shorewall-perl/Shorewall/Nat.pm
index 0080f437b..fe6a6cad2 100644
--- a/Shorewall-perl/Shorewall/Nat.pm
+++ b/Shorewall-perl/Shorewall/Nat.pm
@@ -190,6 +190,14 @@ sub setup_one_masq($$$$$$)
 			  '    addrlist="$addrlist --to-source $address"',
 			  'done' );
 	    $target = '-j SNAT $addrlist';
+
+	    if ( interface_is_optional $interface ) {
+		add_commands( $chainref,
+			      '',
+			      'if [ -n "$addrlist" ]; then' );
+		push_cmd_mode( $chainref );
+		$detectaddress = 1;
+	    }
 	} else {
 	    my $addrlist = '';
 	    for my $addr ( split /,/, $addresses ) {
@@ -212,6 +220,11 @@ sub setup_one_masq($$$$$$)
     #
     expand_rule $chainref , POSTROUTE_RESTRICT , $rule, $networks, $destnets, '', $target, '', '' , '';
 
+    if ( $detectaddress ) {
+	pop_cmd_mode( $chainref );
+	add_command( $chainref , 'fi' );
+    }
+
     if ( $add_snat_aliases ) {
 	my ( $interface, $alias ) = split /:/, $fullinterface;
 	for my $address ( split /,/, $addresses ) {