You have created a webhook in Bitbucket to call a Jenkins URL. You create the triggering event in the repository (e.g., by pushing code or creating a pull request). The build associated with the Jenkins URL does not start.
You manually tested the Jenkins URL, bypassing Bitbucket, with curl -X POST. The invocation successfully starts the build.
In the Bitbucket logs you see "Connection refused" or "403 Forbidden" errors when the triggering event happens to the given repository (configured with the webhook).
It seems as though the source server is different and potentially causing the problem (e.g, by virtue of its IP address). You do not think, but are not sure, that Jenkins has an authentication mechanism to differentiate the source IP address or other attributes about the source of the HTTP invocation to the URL.
What should you do to get Bitbucket to call the same URL?
Install and configure a Jenkins plugin that facilitates the integration with Bitbucket. Configure a Bitbucket server system-wide (in the Manage Jenkins section) of the Jenkins server.
Bitbucket with a manually-configured Jenkins URL can lead to 403 Forbidden errors that are not easily reproducible in other contexts. The Bitbucket invocation of the URL is not like a curl POST command or a wget command with respect to some crucial details of the REST API functionality.