diff --git a/gestion/config.py b/gestion/config.py
index 9424b4f5..6b2cd497 100644
--- a/gestion/config.py
+++ b/gestion/config.py
@@ -453,8 +453,8 @@ NETs = { 'serveurs' : [ '138.231.136.0/28' ], '138.231.147.0/24', '138.231.149.0/24', '138.231.150.0/24', '138.231.151.0/24' ], 'fil' : [ '138.231.136.0/21' ], 'wifi': [ '138.231.144.0/21' ],
- 'gratuit': [ '10.42.0.0/21' ],
- 'accueil': ['10.51.0.0/21' ],
+ 'gratuit': [ '10.42.0.0/16' ],
+ 'accueil': ['10.51.0.0/16' ],
 'personnel-ens': ['10.2.9.0/24' ], 'ens' : ['138.231.135.0/24'], 'all' : [ '138.231.136.0/21', '138.231.148.0/21' ]
@@ -574,6 +574,11 @@ open_ports = { 'tcp' : '22' }
 debit_max_radin = 1000000
 debit_max_gratuit = 1000000
+#######################
+## Vlan accueil ##
+#######################
+accueil_route = {'138.231.136.1':['80','443'],'138.231.136.67':['80','443']}
+
 ####################### ## Mail de bienvenue ##
diff --git a/gestion/gen_confs/firewall_new.py b/gestion/gen_confs/firewall_new.py
index 24626ee0..28c25850 100755
--- a/gestion/gen_confs/firewall_new.py
+++ b/gestion/gen_confs/firewall_new.py
@@ -37,7 +37,7 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi, BorneWifi
 from affich_tools import *
 from commands import getstatusoutput
 from iptools import AddrInNet, NetSubnets, IpSubnet
-from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin, adm_users
+from config import NETs, mac_komaz, mac_wifi, mac_titanic, mac_g, conf_fw, p2p, vlans, debit_max_radin, adm_users, accueil_route
 from ipset import IpsetError, Ipset
 from lc_ldap import lc_ldap
 syslog.openlog('firewall') 
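Review bot: `accueil_route` is added without a comment saying what the two hosts and their port lists are; only the firewall side (a comment in firewall_new.py) identifies them as the intranet and the wiki. Suggest a comment above the dict, `# Hosts reachable from the accueil VLAN and the TCP ports allowed to each (intranet and wiki)`, so the mapping can be maintained without reading the firewall generator. The section banner `## Vlan accueil ##` is also narrower than the `#######################` lines around it, unlike the neighbouring `## Mail de bienvenue ##` block; padding it to the same width keeps the file's convention.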
@@ -1354,6 +1354,14 @@ class firewall_vert(firewall_crans) :
 class firewall_sable(firewall_redisdead):
 """Comme pour rouge, avec le proxy transparent en plus"""
+ def filter_table_tweaks(self) :
+ iptables("-P INPUT ACCEPT")
+ iptables("-P FORWARD DROP")
+ for ip in accueil_route.keys():
+ for port in accueil_route[ip]:
+ iptables("-A FORWARD -p tcp -d %s --dport %s -j ACCEPT" % (ip,port))
+ iptables("-A FORWARD -p tcp -s %s --sport %s -j ACCEPT" % (ip,port))
+
 def mangle_table(self):
 iptables("-t mangle -F PREROUTING")
@@ -1375,6 +1383,12 @@ class firewall_sable(firewall_redisdead):
 if_accueil = "eth0.%d" % vlans["accueil"]
 if_isolement = "eth0.%d" % vlans["isolement"]
+ #intranet et wiki pour le vlan accueil
+ for ip in accueil_route.keys():
+ for port in accueil_route[ip]:
+ iptables("-t nat -A PREROUTING -i eth0.7 -p tcp -d %s --dport %s -j ACCEPT" % (ip,port))
+ iptables("-t nat -A POSTROUTING -p tcp -s %s -d %s --dport %s -j MASQUERADE" % (NETs['accueil'][0],ip,port))
+
 # Proxy transparent pour le wifi iptables("-t nat -A PREROUTING -i %s -p tcp --dport 80" %if_defaut + " -d ! 138.231.136.0/24 -j DNAT --to-destination" +
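Review bot: The two FORWARD ACCEPT rules in `filter_table_tweaks` match only on destination address/port (and, for the return direction, on source address/source port), so they are not tied to the accueil interface or to `NETs['accueil']`: any forwarded TCP traffic to those hosts on 80/443 passes the DROP policy from whatever VLAN it arrives on, and the stateless `--sport` rule accepts anything those hosts send from source port 80/443 to any destination. If the intent matches the nat hunk below (accueil clients reaching the intranet and wiki), restrict the outbound rule with `-i` on the accueil interface and `-s NETs['accueil'][0]`, and replace the `--sport` rule with a conntrack match for established traffic, as sketched below. `-P INPUT ACCEPT` leaves the host's own INPUT chain open by default; if that deliberately mirrors the other firewall classes, a one-line comment saying so would save the next reader from treating it as an oversight. Whether `filter_table_tweaks` is a hook the base class actually calls cannot be seen from the hunk; if it is not, the method is never invoked.
```python
    def filter_table_tweaks(self) :
        iptables("-P INPUT ACCEPT")
        iptables("-P FORWARD DROP")
        if_accueil = "eth0.%d" % vlans["accueil"]
        # Accueil clients may only reach the listed hosts on the listed TCP ports;
        # replies come back through the established-connection rule below.
        for ip, ports in accueil_route.items():
            for port in ports:
                iptables("-A FORWARD -i %s -s %s -p tcp -d %s --dport %s -j ACCEPT"
                         % (if_accueil, NETs['accueil'][0], ip, port))
        iptables("-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT")
```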
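Review bot: The nat PREROUTING rule hard-codes `-i eth0.7` while `if_accueil = "eth0.%d" % vlans["accueil"]` is computed two lines above it; if `vlans["accueil"]` is ever not 7 the exemption lands on the wrong interface, so use the variable: `iptables("-t nat -A PREROUTING -i %s -p tcp -d %s --dport %s -j ACCEPT" % (if_accueil,ip,port))`. The comment `#intranet et wiki pour le vlan accueil` does not say why an ACCEPT in the nat table is needed at all; presumably it lets this traffic skip the transparent-proxy DNAT added further down, and the comment should state that so nobody reorders the rules. `for ip in accueil_route.keys(): for port in accueil_route[ip]:` reads more simply as `for ip, ports in accueil_route.items(): for port in ports:`, here and in the filter_table_tweaks hunk above. The enclosing method starts and ends outside the hunk.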