I have a mikrotik router on which assigned few public IPs.
By that reason i’m using “src-nat” instead of Masquerade, because i need to separation which users go out through which public IP
It doesn’t make sense. If there’s icmp ping, then neither of these two rules with protocol=tcp/udp will touch it, no matter what other options they have. There must be something else.
Of course you can open ping and maybe traceroute to the addresses in internet, if you specify the protocol(tcp,udp for example) in the nat rule so your ping traffic discard there nad it means you wrote some rules that is not include icmp traffic. But you can add an extra rule in your firewall nat table and let your router do src-nat process for just ping and trace route traffic, As you might know the ICMP is a protocol with many types(ping is one of the icmp protocol types), if you google icmp protocol types, you can find the types.
In nat table you need to add another rule and specify the protocol:icmp in general tab, then you need to go to advanced tab and choose the icmp option and choose which icmp type and code that you want.
Or, if you don’t have a good reason to only src-nat some particular protocols, create src-nat rule without referring to protocol type and ditch the rest.
