1. The router knows how to get to both destinations since they're locally connected, so you don't need routes. What you will need is default routes on the host that you are pinging from/to. They'll need to know where to send their traffic that they can't resolve for. Make sure the firewalls are turned off on both PCs as well.
2. You'll need either acls, zbfw, or cbac configured to block those hosts. The easiest is going to be acls. You'll permit hosts to talk to the 10.10.255.x hosts and then deny the rest like:
access-list 100 permit ip host 192.168.17.5 10.10.255.0 0.0.0.255
access-list 100 permit ip host 192.168.17.6 10.10.255.0 0.0.0.255
access-list 100 deny ip any 10.10.255.0 0.0.0.255
access-list 100 permit ip any any
Then you would apply the acl to the interface that is for the 192.168.17.0/24 subnet:
John, thanks for the info. So with this I can ping from my host that's on 192.168.17.5 to the fe1 10.10.255.1 and I get a reply, but I can't ping any host that's on the 10.10.255.x network. Do I need to specify any route?
My ip route info:
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.255.0 is directly connected, FastEthernet0/1
C    192.168.17.0/24 is directly connected, FastEthernet0/0
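Added example, not part of either post: a small offline evaluator for access-list 100 from the first reply, showing how wildcard masks and first-match ordering decide which sources reach 10.10.255.0/24. The Python function names and the sample addresses 10.10.255.20, 192.168.17.9 and 172.16.0.1 are constructed for illustration; only `ip` entries using `any`, `host` or address/wildcard pairs are handled.

```python
from ipaddress import IPv4Address as IP

# access-list 100 as given in the reply above (wildcard masks, not netmasks)
ACL_100 = """\
access-list 100 permit ip host 192.168.17.5 10.10.255.0 0.0.0.255
access-list 100 permit ip host 192.168.17.6 10.10.255.0 0.0.0.255
access-list 100 deny ip any 10.10.255.0 0.0.0.255
access-list 100 permit ip any any
"""

def _take_spec(tokens):
    """Consume one address spec; return (base, wildcard) as integers."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(IP(tokens.pop(0))), 0
    return int(IP(head)), int(IP(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, rest = tokens[2], tokens[4:]
        src = _take_spec(rest)
        dst = _take_spec(rest)
        if rest:  # a malformed wildcard usually leaves stray tokens behind
            raise ValueError(f"trailing tokens in: {line!r}")
        rules.append((action, src, dst))
    return rules

def _matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; the remaining bits must be equal.
    return ((int(IP(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst):
    """First matching entry wins; an extended ACL ends with an implicit deny."""
    for action, src_spec, dst_spec in rules:
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed sample packets: one permitted host, one other host on the subnet
    for src, dst in [("192.168.17.5", "10.10.255.20"), ("192.168.17.9", "10.10.255.20")]:
        print(src, "->", dst, evaluate(parse_acl(ACL_100), src, dst))
```

Dropping the final `permit ip any any` entry makes every unmatched packet fall through to the implicit deny, which is why the order of the four lines matters.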