Vitaly, 2021-07-19 17:19:09
linux

Why is there no access to the virtual machine from another virtual machine via external ip or domain within the network?

The server has two virtual machines (KVM) with addresses 192.168.202.2 and 192.168.202.3.
Machine 202.1 has several services running listening on ports 50000-50010. The subdomain two.baremetal.com is associated with the same machine.
If you check ports 50000-50010 from a third-party client outside the 192.168.0.0 network, the ports are open, everything is OK.

But when accessing from the 202.3 machine either the external IP of the server or the one.baremetal.com subdomain, the ports are closed. That is, I can only reach the neighboring virtual machine on the same subnet at 192.168.202.2.

How to fix the configuration so that 202.3 can access 202.2 not only by internal address, but also by subdomain and external ip?

Configs:
On the server in the zone file (bind), the subdomain refers to the external ip
one.baremetal.com. IN A 12.34.56.78
I tried to specify 192.168.202.2, but then the subdomain does not resolve from the external network.

Also on the server in the nginx config (as a proxy):

server {
  server_name one.baremetal.com;
  location / {
    proxy_pass http://192.168.202.2:50010;  # the web server is here
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_cookie_domain www.$host $host;
  }
}

I tried proxy_pass 192.168.202.2 without specifying a port - it doesn't work.

On the server, when starting the virtual machine 202.2, a routing rule is added to iptables
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 50000:50010 -j DNAT --to 192.168.202.2:50000:50010




2 answer(s)
Vladimir, 2021-07-19
@vitalysokolov

Because that's how nat works with port forwarding.
What to do?
a) for the internal network, set up domain resolution to the private ("gray") IP so that traffic does not go through NAT
or
b) configure hairpin NAT on the router
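Option (b) for the setup in the question, as an added example that is not from either answer or the original post. It assumes the host owns the public address 12.34.56.78 (the one in the zone file), that the VMs reach the outside through this host, and that these two rules replace the single PREROUTING rule shown in the question; the interface names are not needed, and IPTABLES=echo gives a dry run.

```shell
#!/bin/sh
# Hairpin NAT for two KVM guests behind a host that owns the public IP.
# Added example: assumptions are the public IP from the zone file and that
# the host is on the path between the guests and the outside world.
set -eu

EXT_IP="${EXT_IP:-12.34.56.78}"
VM_NET="${VM_NET:-192.168.202.0/24}"
VM_TARGET="${VM_TARGET:-192.168.202.2}"
PORTS="${PORTS:-50000:50010}"

hairpin_rules() {
    ipt="${IPTABLES:-iptables}"   # IPTABLES=echo prints the rules instead of loading them
    # 1. DNAT: traffic for the public IP on the service ports goes to the VM.
    #    Matching -d (which the rule in the question omits) keeps unrelated
    #    forwarded traffic from being rewritten.
    "$ipt" -t nat -A PREROUTING -d "$EXT_IP" -p tcp --dport "$PORTS" \
        -j DNAT --to-destination "$VM_TARGET"
    # 2. The hairpin itself: a client on the VM subnet that was just DNATed to
    #    the target VM gets its source rewritten to the host, so the VM's reply
    #    returns via the host (which undoes both translations) instead of going
    #    straight to the client, where it would arrive from an unexpected
    #    source address and be dropped.
    "$ipt" -t nat -A POSTROUTING -s "$VM_NET" -d "$VM_TARGET" -p tcp \
        --dport "$PORTS" -j MASQUERADE
}

# Post-change check: returns 0 only if both rules are loaded (reads `iptables -S`).
hairpin_check() {
    ipt="${IPTABLES:-iptables}"
    "$ipt" -t nat -S PREROUTING | grep -q -- "-d $EXT_IP.* --dport $PORTS .*-j DNAT" &&
    "$ipt" -t nat -S POSTROUTING | grep -q -- "-s $VM_NET -d $VM_TARGET.* -j MASQUERADE"
}
```

The MASQUERADE rule hides the real client address from 192.168.202.2 (its access logs will show the host), which is the usual reason to prefer option (a) where the target's logs matter.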

Drno, 2021-07-19
@Drno

So, does the 202.2 VM resolve the domain correctly at all? What is its DNS server?
And as for going to the external IP: does the 202.2 VM have Internet access at all? Does, say, Google respond?
Well, as far as I know, you need a reverse NAT on the server to get in from the inside via the outside.
