MikroTik

When I try to do www.google.com, www.facebook.com, etc in Mikrotik terminal gives me timeout, But If I ping it from my own system I can able to ping.

my system ip is xxx.xxx.xxx.194 and default gateway is xxx.xxx.xxx.193. I do open winbox to configure Mikrotik router. I can able to ping my IP xxx.xxx.xxx.194 and my colleagues ip xxx.xxx.xxx.195 from Mikrotik terminal but not outside my network like ping 173.252.110.27 is facebook.com IP.

what would be the problem?

is the resolved IP the same in your Windows and also in your Router? Paste both outputs please

is the resolved IP the same in your Windows and also in your Router? Paste both outputs please

This is in my windows:
C:\Users\Infratab Bangalore>tracert www.gmail.com

Tracing route to googlemail.l.google.com [74.125.236.118]
over a maximum of 30 hops:

and I try ping in windows:

C:\Users\Infratab Bangalore>ping 74.125.236.118

Pinging 74.125.236.118 with 32 bytes of data:
Reply from 74.125.236.118: bytes=32 time=23ms TTL=54

I try to ping same IP in Mikrotik:

[infratabblr@MikroTik] > ping 74.125.236.118
HOST SIZE TTL TIME STATUS
74.125.236.118 timeout
74.125.236.118 timeout
74.125.236.118 timeout
74.125.236.118 timeout

can you post your firwall filter output from the router ? do you have anything in input/output chains ?

can you post your firwall filter output from the router ? do you have anything in input/output chains ?

This is in my firewall filters:

ros code

0   ;;; PortScanner: Port scanners to list
     chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=port scanners address-list-timeout=2m 

 1   ;;; PortScanner: NMAP FIN Stealth scan
     chain=input action=add-src-to-address-list tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port scanners address-list-timeout=2m 

 2   ;;; PortScanner: SYN/FIN scan
     chain=input action=add-src-to-address-list tcp-flags=fin,syn protocol=tcp address-list=port scanners address-list-timeout=2m 

 3   ;;; PortScanner: SYN/RST scan
     chain=input action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp address-list=port scanners address-list-timeout=2m 

 4   ;;; PortScanner: FIN/PSH/URG scan
     chain=input action=add-src-to-address-list tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp address-list=port scanners address-list-timeout=2m 

 5   ;;; PortScanner: ALL/ALL scan
     chain=input action=add-src-to-address-list tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list=port scanners address-list-timeout=2m 

 6   ;;; PortScanner: NMAP NULL scan
     chain=input action=add-src-to-address-list tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list=port scanners address-list-timeout=2m 

 7   ;;; PortScanner: dropping port scanners
     chain=input action=drop src-address-list=port scanners 

 8   ;;; BruteforceLoginPrevention: ftp blacklist
     chain=input action=add-dst-to-address-list protocol=tcp address-list=ftp_blacklist address-list-timeout=3h content=530 Login incorrect 

 9   ;;; BruteforceLoginPrevention: allow only 10 FTP login incorrect/min
     chain=input action=accept protocol=tcp content=530 Login incorrect dst-limit=1/1m,9,dst-address/1m 

10   ;;; BruteforceLoginPrevention: drop ftp brute forcers
     chain=input action=drop protocol=tcp src-address-list=ftp_blacklist dst-port=21 

11   ;;; BruteforceLoginPrevention: ssh_stage1
     chain=input action=add-src-to-address-list connection-state=new protocol=tcp address-list=ssh_stage1 address-list-timeout=1m dst-port=22 

12   ;;; BruteforceLoginPrevention:ssh_stage2
     chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage1 address-list=ssh_stage2 address-list-timeout=1m dst-port=22 

13   ;;; BruteforceLoginPrevention:ssh_stage3
     chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage2 address-list=ssh_stage3 address-list-timeout=1m dst-port=22 

14   ;;; BruteforceLoginPrevention:ssh_blacklist
     chain=input action=add-src-to-address-list connection-state=new protocol=tcp src-address-list=ssh_stage3 address-list=ssh_blacklist address-list-timeout=1w3d dst-port=22 

15   ;;; BruteforceLoginPrevention: drop ssh brute forcers
     chain=input action=drop protocol=tcp src-address-list=ssh_blacklist dst-port=22

Many ISPs use as WAN IP routable not verify your address do a tracert and see where your package is.

Many ISPs use as WAN IP routable not verify your address do a tracert and see where your package is.

tracert command is not working in Mikrotik terminal, this is what I tried

[myuser001@MikroTik] > tracert www.google.com
bad command name tracert (line 1 column 1)

Many ISPs use as WAN IP routable not verify your address do a tracert and see where your package is.

tracert command is not working in Mikrotik terminal, this is what I tried

[myuser001@MikroTik] > tracert http://www.google.com
bad command name tracert (line 1 column 1)

It is '/tool traceroute www.google.com'.

Many ISPs use as WAN IP routable not verify your address do a tracert and see where your package is.

I can able to do traceroute as per @ranpha says. Then what should I do, I don't understand

see where your package is.