diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 9422ecf57..db96d0ab2 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -515,22 +515,27 @@ iptables_red_up() {
 iptables -t nat -A REDNAT -i "${GREEN_DEV}" -o "${IFACE}" -j RETURN
 fi
- local NO_MASQ_NETWORKS
+ local NO_MASQ_NETWORKS=()
 if [ "${MASQUERADE_GREEN}" = "off" ]; then
- NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${GREEN_NETADDRESS}/${GREEN_NETMASK}"
+ NO_MASQ_NETWORKS+=( "${GREEN_NETADDRESS}/${GREEN_NETMASK}" )
 fi
 if [ "${MASQUERADE_BLUE}" = "off" ]; then
- NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${BLUE_NETADDRESS}/${BLUE_NETMASK}"
+ NO_MASQ_NETWORKS+=( "${BLUE_NETADDRESS}/${BLUE_NETMASK}" )
 fi
 if [ "${MASQUERADE_ORANGE}" = "off" ]; then
- NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${ORANGE_NETADDRESS}/${ORANGE_NETMASK}"
+ NO_MASQ_NETWORKS+=( "${ORANGE_NETADDRESS}/${ORANGE_NETMASK}" )
 fi
+ local alias
+ for alias in $(get_aliases); do
+ NO_MASQ_NETWORKS+=( "${alias}" )
+ done
+
 local network
- for network in ${NO_MASQ_NETWORKS}; do
+ for network in ${NO_MASQ_NETWORKS[@]}; do
 iptables -t nat -A REDNAT -s "${network}" -o "${IFACE}" -j RETURN
 done
diff --git a/src/initscripts/system/functions b/src/initscripts/system/functions
index 125aa1dc6..8b0b07e29 100644
--- a/src/initscripts/system/functions
+++ b/src/initscripts/system/functions
@@ -938,3 +938,18 @@ readhash() {
 printf -v "${array}[${key}]" "%s" "${val}"
 done < "${file}"
 }
+
+# Returns all enabled aliases
+get_aliases() {
+ local address
+ local enabled
+ local rest
+
+ local IFS=,
+
+ while read -r address enabled rest; do
+ if [ "${enabled}" = "on" ]; then
+ echo "${address}"
+ fi
+ done < /var/ipfire/ethernet/aliases
+}
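Review bot: The new array is expanded unquoted in `for network in ${NO_MASQ_NETWORKS[@]}; do`, so every element is word-split and glob-expanded again before it reaches `iptables -s`, which loses the benefit of switching to an array; it should read `for network in "${NO_MASQ_NETWORKS[@]}"; do`. The same applies to `for alias in $(get_aliases)`, where the command output is split on IFS and subject to pathname expansion; reading it line by line, e.g. `while read -r alias; do NO_MASQ_NETWORKS+=( "${alias}" ); done < <(get_aliases)`, avoids that. Each alias ends up as a REDNAT `RETURN` rule, i.e. an exemption from masquerading, so a comment above the loop saying why alias source addresses must not be masqueraded would help the next reader. iptables_red_up starts before and continues past this hunk, so anything done with these values elsewhere is not visible here.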
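Review bot: get_aliases redirects from `/var/ipfire/ethernet/aliases` unconditionally, so on a system where that file is absent or unreadable the redirection fails, an error is printed during firewall setup and the function returns non-zero; a guard such as `[ -r /var/ipfire/ethernet/aliases ] || return 0` before the loop would handle that case explicitly. The address field is printed as found, and the caller in the firewall script turns each value into an `iptables -s` match that skips masquerading, so checking that the field looks like an IPv4 address before emitting it would keep a malformed or hand-edited line from becoming a NAT exemption or a failed rule. `printf '%s\n' "${address}"` is the safer choice over `echo` for arbitrary field content, and a last line without a trailing newline is currently dropped by `while read`. The header comment could also state the file format the parser assumes (comma-separated: address, enabled flag, remainder).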