diff --git a/archi.nft b/archi.nft
index febfaf3..d9cc885 100644
--- a/archi.nft
+++ b/archi.nft
@@ -15,4 +15,12 @@ define website = 193.48.225.242
 define intranet = 193.48.225.247
 define bounce_server = 193.48.225.247
+define range_adherent = 10.69.0.0/20
+define range_admin = 10.7.0.0/24
+define range_federez = 10.20.0.0/21
+define range_aloes = 10.66.0.0/27
+define range_prerezotage = 10.68.0.0/16
+define range_public = 193.48.225.0/24
+define ip_self_public = 193.48.225.254
+define ip_radius = 10.7.0.124
diff --git a/firewall.nft b/firewall.nft
index 968ab50..db19488 100755
--- a/firewall.nft
+++ b/firewall.nft
@@ -24,13 +24,13 @@ table inet firewall {
 type filter hook forward priority 0;
 # Politique par défaut : tout jeter.
- policy drop;
+ policy accept
 # Applique la politique globale
 jump global
 # Passage par le checkmac pour les concernés
- jump checkmac
+ #jump checkmac
 # Filtre sur les interfaces entrantes, ne pas accepter
 # directement dans la chaine, mais retourner.
@@ -47,7 +47,7 @@ table inet firewall {
 $if_prerezotage : jump from_prerezotage,
 $if_dmz: jump from_dmz
 }
-
+
 # Filtre sur les interfaces sortantes, ne pas retourner : drop ou
 # accept
 # On utilise des goto pour ne pas revenir ici une fois la chaîne
@@ -61,7 +61,7 @@ table inet firewall {
 $if_prerezotage : goto to_prerezotage,
 $if_dmz: goto to_dmz
 }
-
+
 # Un compteur qui doit être à 0 si on a bien fait notre travail.
 counter
 }
diff --git a/mac_ip.py b/mac_ip.py
index f411dee..e64b220 100644
--- a/mac_ip.py
+++ b/mac_ip.py
@@ -33,7 +33,7 @@ api_hostname = CONFIG.get('Re2o', 'hostname')
 api_password = CONFIG.get('Re2o', 'password')
 api_username = CONFIG.get('Re2o', 'username')
-api_client = Re2oAPIClient(api_hostname, api_username, api_password)
+api_client = Re2oAPIClient(api_hostname, api_username, api_password, use_tls=False)
 def gen_ip_mac_set():
diff --git a/nat.nft b/nat.nft
index 83f8ebe..0a22db6 100644
--- a/nat.nft
+++ b/nat.nft
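Review bot: The forward chain's default flips from `policy drop;` to `policy accept` while the comment directly above it still says `# Politique par défaut : tout jeter.`, and `jump checkmac` is commented out at the same time, so packets that fall through to the trailing `counter` at the end of this chain are now forwarded instead of dropped and the MAC binding check no longer runs. If this is a temporary debugging state, label it in the file (`# TEMP: policy accept while debugging — restore policy drop and jump checkmac`) so it cannot be mistaken for the intended configuration; otherwise the reason for giving up default-deny belongs in the commit. The new line also loses the trailing `;` that `type filter hook forward priority 0;` above it keeps; `policy accept;` would stay consistent. The enclosing chain begins before this hunk.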
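Review bot: `use_tls=False` sends `api_username` and `api_password`, read from CONFIG on the two lines above, to `api_hostname` in cleartext, so the Re2o credentials are exposed to anything between this host and the API. If plaintext is genuinely acceptable for a local-only endpoint, take the switch from configuration rather than hard-coding it — assuming CONFIG is a configparser, `use_tls=CONFIG.getboolean('Re2o', 'use_tls', fallback=True)` — and add a comment stating why; if a certificate problem motivated this, fixing the certificate is the safer change.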
@@ -1,30 +1,33 @@
 #! /sbin/nft -f
 table ip nat {
+
+ set radius_federez {
+ type ipv4_addr
+ elements = { 62.210.81.204, 185.230.78.47 }
+ }
+
 chain prerouting {
 type nat hook prerouting priority 0;
- meta iifname $if_prerezotage ip daddr != { $intranet, $comnpay, $website } tcp dport {http,https} dnat $bounce_server;
+ ip saddr $range_prerezotage ip daddr != { $intranet, $comnpay, $website } tcp dport {http,https} dnat $bounce_server;
+ ip saddr @radius_federez ip daddr $ip_self_public tcp dport { 636, 389 } dnat $ip_radius;
+ ip saddr @radius_federez ip daddr $ip_self_public udp dport { 636 } dnat $ip_radius;
 }
 chain postrouting {
 type nat hook postrouting priority 100
- meta oifname != $if_supelec return
- meta iifname vmap {
- $if_adherent : jump adherent_nat,
- $if_admin : jump admin_nat,
- $if_federez : jump federez_nat,
- $if_aloes : jump aloes_nat,
- $if_prerezotage : jump prerezotage_nat
+ ip daddr != {10.0.0.0/8, $range_public} ip saddr vmap {
+ $range_adherent : goto adherent_nat,
+ $range_admin : goto admin_nat,
+ $range_federez : goto federez_nat,
+ $range_aloes : goto aloes_nat,
+ $range_prerezotage : goto prerezotage_nat
 }
-
- counter
-
- # ip saddr 10.0.0.0/8 snat to 193.48.225.3
- snat to 193.48.225.3
-
+
+ ip daddr != {10.0.0.0/8, $range_public} ip saddr != $range_public snat to $ip_self_public
 }
 }
diff --git a/nat.py b/nat.py
index 918a33e..8604c1d 100644
--- a/nat.py
+++ b/nat.py
@@ -73,22 +73,9 @@ def create_nat_aloes():
 )
-def create_nat_admin():
- range_in = CONFIG['NAT']['range_in_admin']
- range_out = CONFIG['NAT']['range_out_admin']
- first_port = int(CONFIG['NAT']['first_port_admin'])
- last_port = int(CONFIG['NAT']['last_port_admin'])
- return NAT(
- 'admin',
- range_in,
- range_out,
- first_port,
- last_port
- )
-
-
 def main():
- nat_log = time.ctime() + "\n"
+ ctime = time.ctime()
+ nat_log = ctime + "\n"
 logging.info("Creating adherent nat...")
 nat_adherent = create_nat_adherent()
 nat_log += "Adherents :\n"
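Review bot: The two new prerouting rules forward `tcp dport { 636, 389 }` and `udp dport { 636 }` from the `radius_federez` addresses on `$ip_self_public` to `$ip_radius`, which archi.nft places inside `range_admin`; 389 is unencrypted LDAP, so whatever those two external hosts send over it crosses the public network in the clear, and 636/udp is not an LDAPS transport (LDAPS is TCP only), so that third rule looks like a wrong port or a leftover and should be confirmed or removed. The rewritten rules also replace `meta iifname $if_prerezotage` and the interface vmap with `ip saddr` matches: an ingress interface cannot be claimed by a host on another segment, but a source address can, so these matches are only as strong as the anti-spoofing the filter table enforces on ingress. Keeping the interface qualifier next to the address, e.g. `meta iifname $if_prerezotage ip saddr $range_prerezotage ...`, preserves the old guarantee, and a comment above the set naming what the two addresses are would help the next reader.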
@@ -104,14 +91,11 @@ def main():
 nat_log += "Aloes :\n"
 nat_log += aloes_nat.manage()
 logging.info("Done.")
- logging.info("Creating admin nat...")
- admin_nat = create_nat_admin()
- nat_log += "Admin :\n"
- nat_log += admin_nat.manage()
- logging.info("Done.")
- logging.info("Saving nat table into /var/log/nat.log")
- with open('/var/log/nat.log', 'a') as f:
+ filename = "/var/log/nat-%s.log" % ctime
+
+ logging.info("Saving nat table into " + filename)
+ with open(filename, 'a') as f:
 f.write(nat_log)
diff --git a/zones/admin.nft b/zones/admin.nft
index ef20bf9..5ca3852 100644
--- a/zones/admin.nft
+++ b/zones/admin.nft
@@ -12,17 +12,8 @@ table inet firewall {
 }
 table nat {
- # On nate les admins derrière les IPs 193.48.225.215 à 193.48.225.224 en
- # attribuant les plages de ports 11135-65535 par tranche de 1700 ports.
- # On a donc 32 Ips de 10.7.0.0/24 derrière chaque Ip.
- # exemple: 10.7.0.1-10.7.0.31 : 193.48.225.215
- # On peut aussi ajouter dynamiquement des éléments :
- # nft add element nat federez_nat_address {10.7.0.1-10.7.0.31 : 193.48.225.215}
- map admin_nat_address {
- type ipv4_addr: ipv4_addr
- flags interval
- }
 chain admin_nat {
+ snat to $ip_self_public
 }
 }
diff --git a/zones/dmz.nft b/zones/dmz.nft
index 17f4ab9..b8bdd96 100644
--- a/zones/dmz.nft
+++ b/zones/dmz.nft
@@ -60,13 +60,13 @@ table inet firewall {
 set ldap {
 type ipv4_addr
 flags interval
- elements = { 193.48.225.240 }
+ elements = { 193.48.225.240, 193.48.225.248 }
 }
 set ldap_clients {
 type ipv4_addr
 flags interval
- elements = { 10.7.0.0/24, 10.69.0.0/20, 185.230.78.37, 51.15.178.125}
+ elements = { 10.7.0.0/24, 10.69.0.0/20, 185.230.78.37, 51.15.178.125, 193.48.225.0/24 }
 }
 set mysql {
@@ -76,6 +76,8 @@ table inet firewall {
 }
 chain to_dmz {
+ ip saddr 10.7.0.0/16 accept
+
 ip daddr @smtp tcp dport { 22, 25, 80 } accept
 ip daddr @dns tcp dport { 22, 53 } accept
 ip daddr @dns udp dport { 53 } accept
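Review bot: `filename = "/var/log/nat-%s.log" % ctime` embeds the output of `time.ctime()`, which looks like `Mon Jan  1 12:00:00 2020`, so every log path contains spaces, colons and a padding double space and does not sort chronologically; `time.strftime("%Y-%m-%dT%H-%M-%S")` gives a shell-safe, sortable name. Since each run now writes a new file, the `'a'` mode no longer appends to anything and nothing in the hunk rotates or prunes these files, so retention has to be handled elsewhere (logrotate or a cleanup step) or the directory grows without bound. `logging.info("Saving nat table into " + filename)` should use lazy formatting, `logging.info("Saving nat table into %s", filename)`, like the other calls. main() begins before this hunk.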
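Review bot: The removed comment block was the only description of how admin hosts were NATed (10.7.0.0/24 spread over 193.48.225.215–.224 in 1700-port slices via the `admin_nat_address` map), and the replacement `snat to $ip_self_public` puts every admin host behind one address with no explanation, which also ends the ability to attribute a public-side connection to a particular admin host by port range. A one-line comment above the rule, e.g. `# All admin hosts share $ip_self_public; the per-host port-range map was dropped`, would record that this is deliberate.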
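Review bot: Adding `193.48.225.0/24` to `ldap_clients` turns a list of single hosts and two internal ranges into an allow for the whole public range that archi.nft defines as `range_public`, so any address in that /24 can now reach the `ldap` servers on 389 as well as 636. If only particular public hosts need LDAP, list them as the existing /32 members are listed; if the whole range is intended, a comment above the set saying so will stop the next reader from tightening it back.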
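Review bot: `ip saddr 10.7.0.0/16 accept` as the first rule of `to_dmz` bypasses every per-service rule beneath it for a full /16, while archi.nft defines the admin network as `range_admin = 10.7.0.0/24`; unless other admin subnets exist in 10.7.0.0/16 the mask looks like a typo, and in either case the rule should use the define, `ip saddr $range_admin accept`, so the two files cannot drift apart. A comment stating that admin hosts intentionally get unrestricted access to the DMZ would make the position of the rule, ahead of the `@ldap` and `@mysql` restrictions, clearly deliberate.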
@@ -89,12 +91,14 @@ table inet firewall {
 ip daddr @video udp dport { 37800 } accept
 ip daddr @video tcp dport { 5678 } accept
- ip daddr @ldap ip saddr @ldap_clients tcp dport { 389, 636} accept
+ ip saddr @ldap_clients ip daddr @ldap tcp dport { 389, 636 } accept
+ ip saddr @ldap_clients ip daddr @ldap udp dport { 636 } accept
 drop
 }
 chain from_dmz {
+ ip daddr 10.0.0.0/8 accept
 ip daddr @mysql ip saddr != @www tcp dport 3306 drop
 ip daddr @mysql ip saddr != @smtp tcp dport 3306 drop
 }
diff --git a/zones/prerezotage.nft b/zones/prerezotage.nft
index 03a2d1e..cf02a90 100644
--- a/zones/prerezotage.nft
+++ b/zones/prerezotage.nft
@@ -24,7 +24,7 @@ table inet firewall {
 table nat {
 chain prerezotage_nat {
- masquerade
+ snat to $ip_self_public
 }
 }
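Review bot: `ip daddr 10.0.0.0/8 accept` as the first rule of `from_dmz` lets every DMZ host reach the entire private space, including `range_admin` and the `ip_radius` host defined in archi.nft, and if any member of `@mysql` lies in 10.0.0.0/8 the two `tcp dport 3306 drop` rules below it become unreachable for that destination because the accept matches first. Moving the accept below the drops, or narrowing it to the internal services the DMZ actually needs, keeps the internet-facing tier from becoming a path into the admin network; at minimum a comment should say why the DMZ needs all of 10.0.0.0/8. The added `udp dport { 636 }` line mirrors the nat.nft rule; LDAPS is TCP only, so it most likely allows nothing and should be confirmed or removed.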