diff --git a/build_num b/build_num
index a921056aa..63948bf4e 100644
--- a/build_num
+++ b/build_num
@@ -1 +1 @@
-#define BUILD_NUM 3234
+#define BUILD_NUM 3235
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 53dfcca34..30415c9d4 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,11 @@
+2010-08-19  Vadim Kurland  <vadim@vk.crocodile.org>
+
+	* NATCompiler_PrintRule.cpp (PrintRule::processNext): fixed #1693
+	SF bug 3048516 "NAT rule with 'Use SNAT instead MASQ' doesn't
+	work".  NAT rule using combination of the option "Use SNAT instead
+	of MASQ", dynamic address of an interface and source port
+	translation produced iptables command with incorrect syntax.
+
 2010-08-18  Vadim Kurland  <vadim@vk.crocodile.org>
 
 	* Helper.cpp (list): fixed #1691 , this is a better fix for the
diff --git a/src/iptlib/NATCompiler_PrintRule.cpp b/src/iptlib/NATCompiler_PrintRule.cpp
index 6df9f30ca..597bc76ed 100644
--- a/src/iptlib/NATCompiler_PrintRule.cpp
+++ b/src/iptlib/NATCompiler_PrintRule.cpp
@@ -60,6 +60,7 @@
 
 #include <assert.h>
 
+#include <QString>
 #include <QStringList>
 
 using namespace libfwbuilder;
@@ -724,9 +725,21 @@ bool NATCompiler_ipt::PrintRule::processNext()
 	    cmdout << "--to-source ";
             // if TSrc is "any" and this is SNAT rule, then this rule only
             // translates source port. Skip address part.
-            if (!tsrc->isAny()) cmdout << _printAddr(tsrc, false, true);
+            // Note for #1693: _printAddr() returns string that ends with a space,
+            // but there should be no space if the address is followed by port
+            // spec.
+            QString addr_part;
+            if (!tsrc->isAny())
+            {
+                addr_part = _printAddr(tsrc, false, true).c_str();
+            }
 	    string ports = _printSNATPorts(tsrv);
-	    if (!ports.empty()) cmdout << ":" << ports;
+	    if (!ports.empty())
+            {
+                cmdout << addr_part.trimmed().toStdString()
+                       << ":" << ports;
+            } else
+                cmdout << addr_part.toStdString();
 
             if (ropt->getBool("ipt_nat_random")) cmdout << " --random";
             if (XMLTools::version_compare(version, "1.4.3")>=0)
diff --git a/src/iptlib/OSConfigurator_linux24.cpp b/src/iptlib/OSConfigurator_linux24.cpp
index 9fdae79d0..3c4783a8e 100644
--- a/src/iptlib/OSConfigurator_linux24.cpp
+++ b/src/iptlib/OSConfigurator_linux24.cpp
@@ -515,7 +515,7 @@ string OSConfigurator_linux24::printRunTimeWrappers(FWObject *rule,
 
     command_wrappers->setVariable("address_table", false);
 
-    QRegExp intf_re("\\$i_(\\S+)");
+    QRegExp intf_re("\\$i_([^ :]+)");
 
     QStringList iface_names;
     QStringList iface_vars;
diff --git a/test/ipt/objects-for-regression-tests.fwb b/test/ipt/objects-for-regression-tests.fwb
index 1fa587f08..7baa1cdba 100644
--- a/test/ipt/objects-for-regression-tests.fwb
+++ b/test/ipt/objects-for-regression-tests.fwb
@@ -14059,7 +14059,7 @@
           <Option name="verify_interfaces">False</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id3D94D4F8" host_OS="linux24" inactive="False" lastCompiled="1272404308" lastInstalled="1142003872" lastModified="1266172388" platform="iptables" version="" name="firewall11" comment="testing rules with broadcasts and multicasts and action-on-reject 'TCP reset'. &#10;&#10;This is BRIDGING FIREWALL &#10;Firewall is part of any is OFF&#10;&#10;Interfaces eth0 and eth1 are parts of the bridge; Interface eth2 is external interface (doing NAT and routing on this interface) Interface eth3 is connected to protected network and is used to manage firewall. This is rather realistic configuration for the bridging firewall " ro="False">
+      <Firewall id="id3D94D4F8" host_OS="linux24" inactive="False" lastCompiled="1272404308" lastInstalled="1142003872" lastModified="1282234973" platform="iptables" version="" name="firewall11" comment="testing rules with broadcasts and multicasts and action-on-reject 'TCP reset'. &#10;&#10;This is BRIDGING FIREWALL &#10;Firewall is part of any is OFF&#10;&#10;Interfaces eth0 and eth1 are parts of the bridge; Interface eth2 is external interface (doing NAT and routing on this interface) Interface eth3 is connected to protected network and is used to manage firewall. This is rather realistic configuration for the bridging firewall " ro="False">
         <NAT id="id3D94D4F9" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id3E854D22" disabled="True" position="0" action="Translate" comment="">
             <OSrc neg="False">
@@ -14103,6 +14103,31 @@
             </TSrv>
             <NATRuleOptions/>
           </NATRule>
+          <NATRule id="id57837X26254" disabled="False" group="" position="2" action="Translate" comment="see bug #1693 , SF bug 3048516&#10;combination of using SNAT instead of MASQ,&#10;source port translation and dynamic interface">
+            <OSrc neg="False">
+              <ObjectRef ref="net-Internal_net"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="id3CE719F5"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="id3E21FC66"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="id3CE719F5"/>
+            </TSrv>
+            <NATRuleOptions>
+              <Option name="ipt_nat_persistent">False</Option>
+              <Option name="ipt_nat_random">False</Option>
+              <Option name="ipt_use_snat_instead_of_masq">True</Option>
+            </NATRuleOptions>
+          </NATRule>
           <RuleSetOptions/>
         </NAT>
         <Policy id="id3D94D508" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">