I'd guess that you're probably just missing srcnat/masquerade.
But that guide is a little strange. There's virtual AP interface with VLAN interface on it. But then both VLAN and its parent interface are bridged together. Maybe it works, but it doesn't make much sense.
Depending on what exactly you need your guest LAN to be:
a) If only one wireless interface is enough: Create virtual AP and the interface itself is your guest LAN.
b) If you want both 2.4 and 5 GHz wireless: Create virtual APs for each, bridge them together using new bridge and the bridge is your guest LAN.
c) If you want wireless (one or both) and wired VLAN: Create virtual AP(s) and assign VLAN tags to them. Add them to main bridge. Create VLAN interface on bridge. Configure bridge VLAN filtering
. VLAN interface is your guest LAN.
Now whatever your guest LAN interface is, add DHCP server to it and configure firewall. You need srcnat and then you must either allow access from guest LAN where it should be allowed, or block it to where it should not (depends on your firewall, if you block or allow forwarding by default).