You need to adjust your mangle rules. Change these two rules:
to:
/ip firewall mangle
add action=mark-connection chain=prerouting comment="Mark incoming xfinity traffic" \
    in-interface=ether8 connection-state=new connection-mark=no-mark \
    new-connection-mark=via-xfinity
add action=mark-routing chain=prerouting comment="Route marked xfinity traffic over xfinity" \
    connection-mark=via-xfinity in-interface=main_vlan new-routing-mark=xfinity passthrough=no
Adjust in-interface=main_vlan to in-interface-list in the future if you forward ports to more internal interfaces.
This routing rule:
is not needed and can be removed.
Also, you can re-enable the fasttrack rule, because you've already added connection-mark=no-mark to it, so that already bypasses the connections marked by mangle. And RouterOS now supports fasttrack for IPv6 too.
With recent RouterOS versions, you don't need to hardcode the default route in the xfinity routing table anymore. You can remove this static route:
And modify the DHCP client entry on ether8 so that it becomes this instead:
/ip dhcp-client
add default-route-distance=100 default-route-tables=main:100,xfinity:1 \
    interface=ether8 name=ether8 use-peer-dns=no
and the route will be automatically added to the xfinity table. Similarly you can also put default-route-tables=main:1,xfinity:100 for the DHCP client on ether1, and its default route will also be added to the xfinity table with distance 100.
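
A simplified Python model of how the two mangle rules above interact with connection tracking, added here as an illustration; it is not part of the original post and is not RouterOS code. The interface, mark and table names are taken from the post; the IP addresses are constructed, NAT is left out, and "reply seen" stands in for the real connection-state logic.

```python
# Simplified model of the two prerouting mangle rules (not RouterOS code).
# Interface, mark and table names are from the post; IP addresses are constructed.

class Router:
    def __init__(self):
        self.conntrack = {}  # frozenset({src, dst}) -> connection entry

    def prerouting(self, in_interface, src, dst):
        """Process one packet; return the routing table used to forward it."""
        conn = self.conntrack.setdefault(
            frozenset((src, dst)),
            {"orig_src": src, "seen_reply": False, "mark": "no-mark"})
        if src != conn["orig_src"]:
            conn["seen_reply"] = True  # traffic in the reply direction
        state = "established" if conn["seen_reply"] else "new"

        # Rule 1: mark-connection for new, still unmarked connections that
        # arrive on ether8. Evaluation continues with the next rule.
        if (in_interface == "ether8" and state == "new"
                and conn["mark"] == "no-mark"):
            conn["mark"] = "via-xfinity"

        # Rule 2: mark-routing for packets of a marked connection that come
        # from the internal side, so replies leave through the xfinity table.
        if conn["mark"] == "via-xfinity" and in_interface == "main_vlan":
            return "xfinity"
        return "main"

    def mark_of(self, a, b):
        return self.conntrack[frozenset((a, b))]["mark"]


SERVER = "192.168.88.10"        # constructed internal host behind main_vlan
CLIENT_X = "203.0.113.7"        # constructed client arriving via ether8
CLIENT_OTHER = "198.51.100.9"   # constructed client arriving via ether1

def demo():
    r = Router()
    tables = [
        r.prerouting("ether8", CLIENT_X, SERVER),         # inbound via xfinity
        r.prerouting("main_vlan", SERVER, CLIENT_X),      # its reply
        r.prerouting("ether1", CLIENT_OTHER, SERVER),     # inbound via other WAN
        r.prerouting("main_vlan", SERVER, CLIENT_OTHER),  # its reply
    ]
    return tables, r

if __name__ == "__main__":
    print(demo()[0])
```
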