PhilipPeake
just joined
Topic Author
Posts: 14
Joined: Wed Jun 09, 2010 5:36 am

What am I doing wrong?

Wed Jun 09, 2010 6:25 am

RB750G - destined to replace an existing Linux/iptables based firewall.

Internal network is 10.0.0.0/24

What I did was to change Ethernets 4 and 5 to have "none" as their masters.
I am assuming this makes them stand-alone interfaces.

I configured 192.168.88.1/24 on eth5
I configured 192.168.0.1/24 on eth4

This was to prevent me locking myself out of the device.

I can connect on either of these ports (having set up the appropriate addresses on the laptop).

So far, so good.

Next I changed the address on eth2 to 10.0.0.1/24

When I configure my laptop as 10.0.0.90/24 with default route 10.0.0.1
I can ping 10.0.0.1.

I can also ping the other two interfaces, and actually connect to the admin interface (web or winbox) on either of the other (192) addresses, so connectivity is there and internal routing is working fine.

However, I can not connect to either the web or winbox admin interfaces on 10.0.0.1.

(eth3 is still slaved to eth2 - no joy on that port either).

I think I am missing something obvious here ... but am not familiar with either the H/W or S/W, so any help will be much appreciated!

Here is the config info:
======================================

# Address entries for the four configured interfaces. The section header was
# not included in the post (presumably "/ip address" - confirm against the
# full export).
# Internal LAN address; this is the address on which the web and winbox admin
# interfaces do not answer.
add address=10.0.0.1/24 broadcast=10.0.0.255 comment="default configuration" \
disabled=no interface=ether2-local-master network=10.0.0.0
# Address on the gateway-side interface (ether1-gateway).
add address=70.89.191.219/24 broadcast=70.89.191.255 comment="" disabled=no \
interface=ether1-gateway network=70.89.191.0
# Fallback management addresses the poster placed on the two stand-alone
# ports so as not to be locked out while changing the LAN address.
add address=192.168.88.1/24 broadcast=192.168.88.255 comment="" disabled=no \
interface=ether5-local-slave network=192.168.88.0
add address=192.168.0.1/24 broadcast=192.168.0.255 comment="" disabled=no \
interface=ether4-local-slave network=192.168.0.0
...

# Entry bound to ether1-gateway and currently disabled (disabled=yes). Its
# section header is not shown; the add-default-route/use-peer-dns options
# suggest a DHCP client entry - confirm against the full export.
add add-default-route=yes comment="default configuration" \
default-route-distance=0 disabled=yes interface=ether1-gateway \
use-peer-dns=yes use-peer-ntp=yes
/ip dhcp-server config
set store-leases-disk=5m
/ip dhcp-server network
# Still the default 192.168.88.0/24 network; no DHCP network entry for the new
# 10.0.0.0/24 LAN appears in this excerpt.
add address=192.168.88.0/24 comment="default configuration" dns-server=\
192.168.88.1,8.8.8.8 gateway=192.168.88.1
/ip dns
# allow-remote-requests=yes makes the router answer DNS queries from other
# hosts. NOTE(review): the firewall filter rules are not part of this post;
# unless they block DNS arriving on ether1-gateway, the resolver is reachable
# from the outside as well - verify.
set allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB \
max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
/ip dns static
# Static name "router" still points at the default 192.168.88.1 address.
add address=192.168.88.1 comment="" disabled=no name=router ttl=1d

....

/ip service
# Management services. telnet, ftp, www, ssh and winbox are enabled; www-ssl
# and api are disabled. address=0.0.0.0/0 on every entry means the service
# itself accepts clients from any source address, so this list does not
# explain why www/winbox fail on 10.0.0.1 while working on the 192.168.x
# addresses.
# NOTE(review): telnet, ftp and www carry credentials unencrypted, and ether1
# has a public address. Whether these ports are reachable from outside depends
# on firewall filter rules that are not included in the post. Disabling the
# services that are not needed and narrowing address= to the management
# subnets would limit exposure regardless of the firewall state.
set telnet address=0.0.0.0/0 disabled=no port=23
set ftp address=0.0.0.0/0 disabled=no port=21
set www address=0.0.0.0/0 disabled=no port=80
set ssh address=0.0.0.0/0 disabled=no port=22
set www-ssl address=0.0.0.0/0 certificate=none disabled=yes port=443
set api address=0.0.0.0/0 disabled=yes port=8728
set winbox address=0.0.0.0/0 disabled=no port=8291

...

# Flow-export settings, switched off (enabled=no). The section header is not
# shown in the post (presumably "/ip traffic-flow" - confirm).
set active-flow-timeout=30m cache-entries=4k enabled=no \
inactive-flow-timeout=15s interfaces=all
/ip upnp
# UPnP is disabled (enabled=no).
set allow-disable-external-interface=yes enabled=no show-dummy-rule=yes


======================================

# Per-port ethernet settings. The section header is not shown in the post
# (presumably "/interface ethernet" - confirm). master-port decides whether a
# port is switched to another port or stands alone.
# ether1-gateway: stand-alone (master-port=none).
set 0 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:70:8B:33 \
master-port=none mtu=1500 name=ether1-gateway speed=100Mbps
# ether2-local-master: stand-alone; carries the 10.0.0.1/24 LAN address.
set 1 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:70:8B:34 \
master-port=none mtu=1500 name=ether2-local-master speed=100Mbps
# ether3-local-slave: the only port still slaved to ether2-local-master.
set 2 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:70:8B:35 \
master-port=ether2-local-master mtu=1500 name=ether3-local-slave speed=\
100Mbps
# ether4 and ether5 keep their "-local-slave" names but have master-port=none,
# so the names no longer describe their role.
set 3 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:70:8B:36 \
master-port=none mtu=1500 name=ether4-local-slave speed=100Mbps
set 4 arp=enabled auto-negotiation=yes bandwidth=unlimited/unlimited comment=\
"" disabled=no full-duplex=yes l2mtu=1524 mac-address=00:0C:42:70:8B:37 \
master-port=none mtu=1500 name=ether5-local-slave speed=100Mbps
/interface ethernet switch
# No port mirroring configured.
set switch1 mirror-source=none mirror-target=none name=switch1
/interface wireless security-profiles
# The "default" profile has mode=none and every key field empty, i.e. it
# defines no authentication or encryption. No wireless interface appears in
# this excerpt, so whether the profile is in use cannot be told from here.
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
group-key-update=5m interim-update=0s management-protection=disabled \
management-protection-key="" mode=none name=default \
radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
wpa2-pre-shared-key=""
/interface bridge settings
# Bridged traffic is not passed through the IP firewall (use-ip-firewall=no).
set use-ip-firewall=no use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=\
no
/interface ethernet switch port
# Five identical entries; the item identifier is printed as "(unknown)" in the
# post, so which switch port each line refers to cannot be read from here.
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
set (unknown) vlan-header=leave-as-is vlan-mode=fallback
 
bafh
Frequent Visitor
Frequent Visitor
Posts: 83
Joined: Sun Jun 27, 2010 3:59 pm
Location: Libau, Lettland

Re: What am I doing wrong?

Mon Jun 28, 2010 8:35 pm

Add a masquerade rule in the firewall (src-nat).
