So I have 2 internet connections and I was trying to set up 2 tables to have a way to set some networks to use one wan and another to use another, all with tables that were using recursive routes.. I first noticed some weirdness when I tried to do some test with my iperf server in the cloud.. kept getting back a socket error. I tried the WAN21 (rule to use the wan2 as the primary and wan1 as fail over) and that rule worked just fine. but the wan12 rule just kept giving me that error..and I notice some sites were not opening. Now after just making normal table rules and not recursive the problem went away. But I mean I really want to use recursive routes here. Ill post my config and see if anything stands out please.. Driving myself insane here.
/interface ethernet set [ find default-name=ether1 ] comment=WAN1 name=ether1_WAN1
/interface ethernet set [ find default-name=ether2 ] comment=WAN2 name=ether2_WAN2
/interface ethernet set [ find default-name=ether3 ] name=ether3_WAN3
/interface ethernet set [ find default-name=sfp-sfpplus1 ] name=sfp-sfpplus1_WAN
/interface ethernet set [ find default-name=sfp-sfpplus2 ] name=sfp-sfpplus2_LAN
/interface wireguard add listen-port=17018 mtu=1420 name=miamieventwg1
/interface vlan add disabled=yes interface=sfp-sfpplus2_LAN name=130Production vlan-id=130
/interface vlan add disabled=yes interface=sfp-sfpplus2_LAN name=140Ticketing vlan-id=140
/interface vlan add disabled=yes interface=sfp-sfpplus2_LAN name=150Vendors vlan-id=150
/interface vlan add interface=sfp-sfpplus2_LAN name=160-Production vlan-id=160
/interface vlan add interface=sfp-sfpplus2_LAN name=169Guest vlan-id=169
/interface vlan add interface=sfp-sfpplus2_LAN name=170 vlan-id=170
/interface vlan add interface=sfp-sfpplus2_LAN name=180Merch vlan-id=180
/interface vlan add interface=sfp-sfpplus2_LAN name=189 vlan-id=189
/interface vlan add interface=sfp-sfpplus2_LAN name=190 vlan-id=190
/interface vlan add interface=sfp-sfpplus2_LAN name=192-Toasts vlan-id=192
/interface vlan add interface=sfp-sfpplus2_LAN name=200Management vlan-id=200
/interface list add name=WAN
/interface list add name=TrustedLAN
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik
/ip pool add name=dhcp_pool0 ranges=192.168.88.2-192.168.88.254
/ip pool add name=130Production ranges=10.130.0.100-10.130.15.254
/ip pool add name=140Ticketing ranges=10.140.0.50-10.140.3.254
/ip pool add name=150Vendors ranges=10.150.0.50-10.150.15.254
/ip pool add name=169Guest ranges=10.169.0.2-10.169.255.254
/ip pool add name=170 ranges=10.170.0.50-10.170.3.254
/ip pool add name=180Merch ranges=10.180.0.50-10.180.3.254
/ip pool add name=189 ranges=10.189.0.50-10.189.3.254
/ip pool add name=190 ranges=10.190.0.50-10.190.3.254
/ip pool add name=160-Production ranges=10.160.0.100-10.160.15.254
/ip pool add name=192-Toasts ranges=192.168.192.50-192.168.192.254
/ip dhcp-server add address-pool=dhcp_pool0 interface=ether13 lease-time=10m name=dhcp1
/ip dhcp-server add address-pool=130Production interface=130Production lease-time=3h name=130Production
/ip dhcp-server add address-pool=140Ticketing interface=140Ticketing lease-time=3h name=140Ticketing
/ip dhcp-server add address-pool=150Vendors interface=150Vendors lease-time=3h name=150Vendors
/ip dhcp-server add address-pool=169Guest interface=169Guest lease-time=3h name=169Guest
/ip dhcp-server add address-pool=170 interface=170 lease-time=3h name=170
/ip dhcp-server add address-pool=180Merch interface=180Merch lease-time=3h name=180Merch
/ip dhcp-server add address-pool=189 interface=189 lease-time=3h name=189
/ip dhcp-server add address-pool=190 interface=190 lease-time=3h name=190
/ip dhcp-server add address-pool=160-Production interface=160-Production name=160-Production
/ip dhcp-server add address-pool=192-Toasts interface=192-Toasts lease-time=1d name=192-Toasts
/port set 0 name=serial0
/routing table add disabled=no fib name=WAN21
/routing table add disabled=no fib name=WAN12
/routing table add disabled=no fib name=WAN12-NoRecursive
/routing table add disabled=no fib name=WAN21-NoRecursive
/snmp community add addresses=::/0 name=
/ip firewall connection tracking set enabled=yes tcp-established-timeout=30m
/interface list member add interface=ether1_WAN1 list=WAN
/interface list member add interface=ether13 list=TrustedLAN
/ip address add address=192.168.88.1/24 comment=defconf interface=ether13 network=192.168.88.0
/ip address add address=10.130.0.1/20 disabled=yes interface=130Production network=10.130.0.0
/ip address add address=10.140.0.1/22 disabled=yes interface=140Ticketing network=10.140.0.0
/ip address add address=10.150.0.1/20 disabled=yes interface=150Vendors network=10.150.0.0
/ip address add address=10.160.0.1/20 interface=160-Production network=10.160.0.0
/ip address add address=10.169.0.1/16 interface=169Guest network=10.169.0.0
/ip address add address=10.170.0.1/22 interface=170 network=10.170.0.0
/ip address add address=10.180.0.1/22 interface=180Merch network=10.180.0.0
/ip address add address=10.189.0.1/22 interface=189 network=10.189.0.0
/ip address add address=10.190.0.1/22 interface=190 network=10.190.0.0
/ip address add address=XX.XX.XX.130/29 interface=ether2_WAN2 network=XX.XX.XX.128
/ip address add address=YY.YY.YY.156/29 interface=ether1_WAN1 network=YY.YY.YY.152
/ip address add address=192.168.200.2/24 interface=200Management network=192.168.200.0
/ip address add address=192.168.192.1/24 interface=192-Toasts network=192.168.192.0
/ip cloud set ddns-enabled=yes
/ip dhcp-client add default-route-distance=3 disabled=yes interface=ether3_WAN3
/ip dhcp-server network add address=10.130.0.0/20 dns-server=8.8.8.8,1.1.1.1 gateway=10.130.0.1
/ip dhcp-server network add address=10.140.0.0/22 dns-server=8.8.8.8,1.1.1.1 gateway=10.140.0.1
/ip dhcp-server network add address=10.150.0.0/20 dns-server=8.8.8.8,1.1.1.1 gateway=10.150.0.1
/ip dhcp-server network add address=10.160.0.0/20 dns-server=8.8.8.8,1.1.1.1 gateway=10.160.0.1
/ip dhcp-server network add address=10.169.0.0/16 dns-server=8.8.8.8,1.1.1.1 gateway=10.169.0.1
/ip dhcp-server network add address=10.170.0.0/22 dns-server=8.8.8.8,1.1.1.1 gateway=10.170.0.1
/ip dhcp-server network add address=10.180.0.0/22 dns-server=8.8.8.8,1.1.1.1 gateway=10.180.0.1
/ip dhcp-server network add address=10.189.0.0/22 dns-server=8.8.8.8,1.1.1.1 gateway=10.189.0.1
/ip dhcp-server network add address=10.190.0.0/22 dns-server=8.8.8.8,1.1.1.1 gateway=10.190.0.1
/ip dhcp-server network add address=192.168.88.0/24 dns-server=8.8.8.8 gateway=192.168.88.1
/ip dhcp-server network add address=192.168.192.0/24 dns-server=8.8.8.8,1.1.1.1 gateway=192.168.192.1
/ip dns set servers=8.8.8.8,1.1.1.1
/ip firewall address-list add address=10.130.0.0/20 list=130Production
/ip firewall address-list add address=10.140.0.0/22 list=140Ticketing
/ip firewall address-list add address=10.150.0.0/20 list=150Vendors
/ip firewall address-list add address=10.160.0.0/20 list=160-Production
/ip firewall address-list add address=10.169.0.0/16 list=169Guest
/ip firewall address-list add address=10.170.0.0/22 list=170
/ip firewall address-list add address=10.180.0.0/22 list=180Merch
/ip firewall address-list add address=10.189.0.0/22 list=189
/ip firewall address-list add address=10.190.0.0/22 list=190
/ip firewall address-list add address=192.168.0.0/16 list=PrivateIps
/ip firewall address-list add address=172.16.0.0/12 list=PrivateIps
/ip firewall address-list add address=10.0.0.0/8 list=PrivateIps
/ip firewall address-list add address=YY.YY.YY.155 list=WAN1-Atlantic
/ip firewall address-list add address=XX.XX.XX.129 list=WAN2-Comcast
/ip firewall address-list add address=192.168.192.0/24 list=192Toast
/ip firewall filter add action=drop chain=output comment=test disabled=yes dst-address=9.9.9.9
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" disabled=yes protocol=icmp
/ip firewall filter add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
/ip firewall filter add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!TrustedLAN
/ip firewall filter add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
/ip firewall filter add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related disabled=yes hw-offload=yes
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=!PrivateIps in-interface=160-Production new-routing-mark=WAN12-NoRecursive passthrough=yes
/ip firewall nat add action=masquerade chain=srcnat comment="Masquerade Internet Rule - Wan 1" out-interface=ether1_WAN1
/ip firewall nat add action=masquerade chain=srcnat comment="Masquerade Internet Rule - Wan 2" out-interface=ether2_WAN2
/ip firewall nat add action=masquerade chain=srcnat comment="Masquerade Internet Rule - Wan 3 DHCP" out-interface=ether3_WAN3
/ip firewall raw add action=notrack chain=prerouting comment="Dont Track Broadcast" disabled=yes dst-address=255.255.255.255
/ip route add check-gateway=ping comment="WAN12 - Comcast Backup" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=4.2.2.2 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=11
/ip route add check-gateway=ping comment="Recursive Route for Wan 2 DNS Main Routing Table" disabled=no distance=1 dst-address=4.2.2.2/32 gateway=XX.XX.XX.134 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
/ip route add check-gateway=ping comment="WAN12 - Atlantic Primary " disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.8.8 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=11
/ip route add check-gateway=ping comment="Recursive Route for WAN1 DNS" disabled=no distance=1 dst-address=8.8.8.8/32 gateway=YY.YY.YY.153 pref-src="" routing-table=main scope=10 suppress-hw-offload=no target-scope=10
/ip route add check-gateway=ping comment="WAN21 - Comcast Primary " disabled=no distance=1 dst-address=0.0.0.0/0 gateway=9.9.9.9 pref-src="" routing-table=WAN21 scope=30 suppress-hw-offload=no target-scope=31
/ip route add check-gateway=ping disabled=no distance=1 dst-address=9.9.9.9/32 gateway=XX.XX.XX.134 pref-src="" routing-table=WAN21 scope=10 suppress-hw-offload=no target-scope=12
/ip route add check-gateway=ping comment="WAN21 - Atlantic Backup" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 pref-src="" routing-table=WAN21 scope=30 suppress-hw-offload=no target-scope=14
/ip route add check-gateway=ping disabled=no distance=1 dst-address=1.1.1.1/32 gateway=YY.YY.YY.153 pref-src="" routing-table=WAN21 scope=10 suppress-hw-offload=no target-scope=12
/ip route add check-gateway=ping comment="WAN12 - Comcast Backup" disabled=no distance=2 dst-address=0.0.0.0/0 gateway=4.2.2.2 pref-src="" routing-table=WAN12 scope=10 suppress-hw-offload=no target-scope=11
/ip route add check-gateway=ping comment="Recursive Route for Wan 2 DNS Main Routing Table" disabled=no distance=1 dst-address=4.2.2.2/32 gateway=XX.XX.XX.134 pref-src="" routing-table=WAN12 scope=10 suppress-hw-offload=no target-scope=10
/ip route add check-gateway=ping comment="WAN12 - Atlantic Primary " disabled=no distance=1 dst-address=0.0.0.0/0 gateway=8.8.8.8 pref-src="" routing-table=WAN12 scope=10 suppress-hw-offload=no target-scope=11
/ip route add check-gateway=ping comment="Recursive Route for WAN1 DNS" disabled=no distance=1 dst-address=8.8.8.8/32 gateway=YY.YY.YY.153 pref-src="" routing-table=WAN12 scope=10 suppress-hw-offload=no target-scope=10
/ip route add disabled=no distance=1 dst-address=9.9.9.9/32 gateway=XX.XX.XX.134 routing-table=WAN12 suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=9.9.9.9/32 gateway=XX.XX.XX.134 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add check-gateway=ping disabled=no distance=1 dst-address=0.0.0.0/0 gateway=YY.YY.YY.153 pref-src="" routing-table=WAN12-NoRecursive scope=30 suppress-hw-offload=no target-scope=10
/ip route add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=XX.XX.XX.134 routing-table=WAN12-NoRecursive suppress-hw-offload=no
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=XX.XX.XX.134 routing-table=WAN21-NoRecursive suppress-hw-offload=no
/ip route add disabled=no distance=2 dst-address=0.0.0.0/0 gateway=YY.YY.YY.153 routing-table=WAN21-NoRecursive suppress-hw-offload=no
/snmp set enabled=yes trap-community= trap-version=2
/system clock set time-zone-name=America/New_York
