Found the reason, and leaving it for anyone who searches for similar log.
Our metircs-server which was using 4443 port with hostnet occured k3s tunnel auth error, which directly connected to remotedialer authorized error -> casuing "connect not allowed" log for worker.
Running rke2 agent --debug mode helped solving this problem.