routing and firewall

Hello,


I have a new Cloud Core Router CCR-1016 and need help configuring a guest network to access the internet.

LAN IP Addresses 10.1.10.0 /24

Gateway router to internet IP Address is 10.1.10.254/24

Production servers range is 10.1.10.1 - 10.1.10.10

Ether 2 on the CCR-1016 is 10.1.10.10/24

Ether 3 on the CCR-1016 is 10.2.10.10/26 for the GUEST

The guest users need to access the internet and only 1 server, IP 10.1.10.7/24.


Could you please help?

For internet access, just add a masquerade rule on your CCR:

/ip firewall nat
add action=masquerade chain=srcnat src-address=10.2.10.0/26

Your guests need to have 10.2.10.10 as gateway.


Accessing 10.1.10.0/24 network for your guests will be automatic with the previous rule; if you want to restrict to 10.1.10.7 only, then maybe something like

/ip firewall address-list
add address=10.1.10.254 list=guest_access_ok
add address=10.1.10.7 list=guest_access_ok
/ip firewall filter
add action=drop chain=forward comment="guests: drop LAN destinations not in guest_access_ok" dst-address=10.1.10.0/24 dst-address-list=!guest_access_ok src-address=10.2.10.0/26

= creating a list of authorized IPs, and denying guests access to IPs other than those.
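
To check what such a drop rule lets through, the following added example (not part of the original posts) models a forward-chain rule with src-address=10.2.10.0/26 and dst-address-list=!guest_access_ok, with and without a dst-address=10.1.10.0/24 matcher. It assumes no other filter rules, so unmatched packets are accepted; the function names, the test packets and the 203.0.113.50 internet address are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

GUEST_NET = ip_network("10.2.10.0/26")   # guest subnet from the thread
# Address list guest_access_ok from the thread: gateway router and the one server.
GUEST_ACCESS_OK = {ip_address("10.1.10.254"), ip_address("10.1.10.7")}

# Constructed test packets: name -> (source, destination in the IP header).
PACKETS = {
    "guest -> allowed server": ("10.2.10.20", "10.1.10.7"),
    "guest -> other server": ("10.2.10.20", "10.1.10.3"),
    "guest -> gateway router": ("10.2.10.20", "10.1.10.254"),
    "guest -> internet": ("10.2.10.20", "203.0.113.50"),
    "non-guest -> internet": ("10.1.10.5", "203.0.113.50"),
}


def drop_rule_matches(src, dst, dst_scope=None):
    """Return True if the drop rule matches; all matchers are ANDed.

    dst_scope models an optional dst-address= matcher. None means the rule
    has only src-address and the negated dst-address-list.
    """
    src, dst = ip_address(src), ip_address(dst)
    if src not in GUEST_NET:                      # src-address=10.2.10.0/26
        return False
    if dst_scope is not None and dst not in ip_network(dst_scope):
        return False                              # outside dst-address scope
    # dst-address-list=!guest_access_ok compares the packet's destination
    # address, not the next-hop gateway it will be routed through.
    return dst not in GUEST_ACCESS_OK


def verdicts(dst_scope=None):
    """Verdict per test packet; packets the rule does not match are accepted."""
    return {
        name: "drop" if drop_rule_matches(src, dst, dst_scope) else "accept"
        for name, (src, dst) in PACKETS.items()
    }


if __name__ == "__main__":
    for scope in (None, "10.1.10.0/24"):
        print(f"dst-address scope: {scope}")
        for name, verdict in verdicts(scope).items():
            print(f"  {name:26} {verdict}")
```

Without a dst-address scope, internet-bound guest packets match the negated list and are dropped, because having 10.1.10.254 in the list only covers packets addressed to the gateway itself.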