diff --git a/build_num b/build_num
index 06d9e6080..e0c50bd4a 100644
--- a/build_num
+++ b/build_num
@@ -1 +1 @@
-#define BUILD_NUM 3236
+#define BUILD_NUM 3237
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 17aaf585a..5ab096772 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -8,6 +8,12 @@
 	will use PREROUTING and POSTROUTING in single compile mode but issue
 	a warning.
 
+	* NATCompiler_ipt.cpp (localNATRule::processNext): see #1685
+	"iptables redirecting NAT rules in the OUTPUT chain". This fix
+	makes it possible to create iptables NAT rule with target REDIRECT
+	in the OUTPUT chain. The rule should have firewall object in OSrc
+	and TDst rule elements.
+
 	* NATCompiler_PrintRule.cpp (PrintRule::processNext): fixed #1693
 	SF bug 3048516 "NAT rule with 'Use SNAT instead MASQ' doesn't
 	work".  NAT rule using combination of the option "Use SNAT instead
diff --git a/src/iptlib/NATCompiler_ipt.cpp b/src/iptlib/NATCompiler_ipt.cpp
index cdc9a2d55..d8ebcd0a5 100644
--- a/src/iptlib/NATCompiler_ipt.cpp
+++ b/src/iptlib/NATCompiler_ipt.cpp
@@ -2064,7 +2064,7 @@ bool NATCompiler_ipt::localNATRule::processNext()
     {
     case NATRule::DNAT:
     case NATRule::DNetnat:
-
+    case NATRule::Redirect:
 /* it should not be necessary to do anything if rule type is NONAT
  * since splitNONATRule takes care of NONAT rules
  *
diff --git a/test/ipt/objects-for-regression-tests.fwb b/test/ipt/objects-for-regression-tests.fwb
index b3b92fd1e..92717570e 100644
--- a/test/ipt/objects-for-regression-tests.fwb
+++ b/test/ipt/objects-for-regression-tests.fwb
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1280885247" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1282242248" id="root">
   <Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
     <AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
     <AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@@ -4640,6 +4640,7 @@
         <TCPService id="id46355X95438" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="False" name="New TCP Service 1" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="1" dst_range_end="1"/>
         <TCPService id="id69385X25753" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="ports 3050-3051" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="3050" dst_range_end="3051"/>
         <TCPService id="id69386X25753" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="port 700" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="700" dst_range_end="700"/>
+        <TCPService id="id1195021X6573" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="tcp-9040" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="9040" dst_range_end="9040"/>
       </ServiceGroup>
       <ServiceGroup id="stdid08_1" name="UDP" comment="" ro="False">
         <UDPService id="id3ED59BF0" name="udp-src-6767" comment="" ro="False" src_range_start="6767" src_range_end="6767" dst_range_start="0" dst_range_end="0"/>
@@ -8138,7 +8139,7 @@
           <Option name="verify_interfaces">False</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id3AFB66C6" host_OS="linux24" inactive="False" lastCompiled="1273779773" lastInstalled="1142003872" lastModified="1264552639" platform="iptables" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
+      <Firewall id="id3AFB66C6" host_OS="linux24" inactive="False" lastCompiled="1273779773" lastInstalled="1142003872" lastModified="1282242276" platform="iptables" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
         <NAT id="id3AFB66C7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <NATRule id="id3AFB66C8" disabled="False" position="0" action="Translate" comment="">
             <OSrc neg="False">
@@ -9235,6 +9236,27 @@
             </TSrv>
             <NATRuleOptions/>
           </NATRule>
+          <NATRule id="id1194991X6573" disabled="False" group="" position="49" action="Translate" comment="">
+            <OSrc neg="False">
+              <ObjectRef ref="id3AFB66C6"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="id1195021X6573"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="sysid0"/>
+            </TSrc>
+            <TDst neg="False">
+              <ObjectRef ref="id3AFB66C6"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="id1195021X6573"/>
+            </TSrv>
+            <NATRuleOptions/>
+          </NATRule>
           <RuleSetOptions/>
         </NAT>
         <Policy id="id3AFB66E4" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">