There is nothing in Zabbix that would restrict access. Check network firewall rules, host firewalld/iptables rules and/or nginx allow/deny list. You can use tcpdump on the host to see if traffic gets that far or not.

Actually, I've found the problem. It is in user role default definitions. I've used my own newly created account. Joined it into Zabbix administrators group. Then tested it locally and remotely. Locally it was ok, remotely - not, it shows Web UI with no 'Configuration' and 'Administration' menu, with no any hosts in monitoring I've previously entered.
Then I've realized that default 'Zabbix administrators' role has no allowed 'host groups' by default, being defined in user groups as 'System defaults' in Frontend access setting:
Administration -> User groups -> UG Zabbix administrators group -> Permissions -> 'All groups' : none.
Changed it by 'Select'-> choosed all groups -> Select button -> R-W -> Add -> Update
So it works now ok with the same new user inside and outside the LAN network.
Do not know why it was ok in LAN, m.b. I was still staying as default Admin who is in 'Zabbix super administrators' role and have all host groups allowed by default.

Guess, it could be a good idea to change defaults for Administrators UG. Strange decision to get an administrator with no access to hosts. It is a source of confusions and time loss on looking around in firewall, NAT, DB settings, etc - 'Administrator' role definitely looks like already properly defined.

Also, would be really good to set default UG Users with Read access to host groups defined. As for now it is only non-configured Admistrators and same way blocked Guests.
So, people will might have at least minimal mechanism to create proper admins and users in the early beginning implementation stage .