iptables
Ralvesh, 2020-08-18 10:21:42

There is no access from the guest machine of one Proxmox to another Proxmox host, what is the error?

Good afternoon. I am asking for help; I am confused by seemingly obvious things.
Servers are rented in Hetzner, Proxmox is installed on them. A vSwitch was created in the interface, VlanID 4000 was assigned. A subinterface with a VLAN number and a vmbr0 bridge were added to the hosts in the following configurations:

- Host A: enp5s0.4000 10.10.0.1/8, vmbr0 10.10.1.1/24
- Host B: enp5s0.4000 10.2.0.1/8, vmbr0 10.2.1.1/24

Hosts are visible to each other, pings and ssh pass without problems.
On host B, a container is raised, bridge vmbr0 is assigned with the address 10.2.1.10/24. From this container there are pings to 10.2.1.1 and 10.2.0.1, but there is no access to 10.10.0.1. In tcpdump on host A I see the following picture:
09:06:15.455238 IP 10.2.1.10 > 10.10.0.1: ICMP echo request, id 1183, seq 1, length 64

And, apparently, the answer is not sent back:
08:20:18.580785 IP 10.10.0.1 > 10.10.0.1: ICMP host 10.2.1.10 unreachable, length 68

iptables configuration on host A (removed all rules related to opening ports and port forwarding):
*nat
:PREROUTING ACCEPT [63160714:14866295490]
:INPUT ACCEPT [1595076:96622921]
:OUTPUT ACCEPT [4465488:3553158324]
:POSTROUTING ACCEPT [72333500:18758066821]
-A POSTROUTING -s 10.10.0.0/16 -o enp5s0 -j SNAT --to-source a.b.c.d
*filter
:INPUT DROP [531:30092]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [546442:35156441]
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A FORWARD -s 10.10.0.0/16 -i vmbr0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

I guess that I'm missing some trifle, but understanding does not come.


1 answer(s)
Wexter, 2020-08-18
@Ralvesh

Have routes been added on the servers?
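
Added example (not part of the original question or answer): a longest-prefix-match lookup over the interface addresses given in the question, showing which route each host picks for the request and for the reply. The static route in `HOST_A_FIXED` is an assumption for illustration, not something stated in the thread.

```python
import ipaddress

def connected(ifaces):
    """One on-link route per (device, address/prefix), as the kernel adds them."""
    return [(ipaddress.ip_interface(cidr).network, None, dev) for dev, cidr in ifaces]

def lookup(routes, dst):
    """Longest-prefix match. Returns (prefix, gateway, dev), or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def describe(routes, dst):
    """Human-readable form of the routing decision for dst."""
    hit = lookup(routes, dst)
    if hit is None:
        return f"{dst}: no route"
    prefix, gw, dev = hit
    how = f"via {gw}" if gw else "on-link (ARP for the destination itself)"
    return f"{dst}: {prefix} dev {dev} {how}"

# Interface addresses exactly as given in the question (default route omitted;
# a more specific prefix always wins over it).
HOST_A = connected([("enp5s0.4000", "10.10.0.1/8"), ("vmbr0", "10.10.1.1/24")])
HOST_B = connected([("enp5s0.4000", "10.2.0.1/8"), ("vmbr0", "10.2.1.1/24")])

# Assumption, not from the page: a static route on host A towards host B's
# bridge subnet, using host B's vSwitch address as the gateway.
HOST_A_FIXED = HOST_A + [(ipaddress.ip_network("10.2.1.0/24"),
                          ipaddress.ip_address("10.2.0.1"), "enp5s0.4000")]

if __name__ == "__main__":
    print("B -> A request :", describe(HOST_B, "10.10.0.1"))
    print("A -> CT reply  :", describe(HOST_A, "10.2.1.10"))
    print("A with route   :", describe(HOST_A_FIXED, "10.2.1.10"))
```

With the /8 on enp5s0.4000, host A treats 10.2.1.10 as a directly attached neighbour, which is consistent with the locally generated "host unreachable" in the tcpdump output. On the real host, `ip route get 10.2.1.10` shows the same decision.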
