Share Time Machine disk to WAN through my Asus router
It would be really nice to properly forward Bonjour or whatever is allowing it to be visible in the Finder sidebar (I have already tried forwarding 1900, 5300, 5351, 5353 to 192.168.2.2).
This is not how Bonjour/Zeroconf was intended to function.
Bonjour only works within a single broadcast domain, which is usually a small area, without special DNS configuration. macOS, Bonjour for Windows and AirPort Base Stations may be configured to use Wide Area Bonjour which allows for wide area service discovery via an appropriately configured DNS server.
Emphasis mine.
Bonjour is a broadcast protocol, meaning that while on the subnet it will broadcast out a message to see who responds. The key here is that it doesn't know the IP addresses of any machine (service) until it responds back. That's how Finder puts it in the sidebar as you describe.
You can't just enable Bonjour on the WAN or the Internet for that matter. MIT's IT knowledgebase sums it up:
"While ZEROCONF and Bonjour work well on home or small business networks, they are not compatible with large enterprise networks which can frequently have thousands of devices in the same wireless address space. ZEROCONF relies on multicast traffic to discover devices on the network, which exhibits crippling performance and load issues on large enterprise network implementations. Even if it were enabled on the network, results would be slow to return and potentially return lists of hundreds of devices to choose from, which can be unmanageable on devices such as iPhones or iPads."
Just for the sake of argument... if you were able to send out your broadcast packets over the Internet (via WAN), your ISP would most certainly block it because of the massive amount of traffic you would be generating.
Bonjour is basically DNS
It's not about port forwarding "Bonjour." It's much more than that. Currently, you don't "port forward" DNS ports. Bonjour is a "DNS method".
You don't port forward DNS from your ISP to your computers so you can look up a domain. Your router either assigns the DNS servers during DHCP so you can query hosts/domains directly or acts as a relay to forward them to the actual DNS servers.
What does this mean?
(Remember the emphasized text at the beginning of this answer?) Technically speaking, you can get Bonjour to search another domain by adding that domain record into DNS (you're telling Bonjour to go search somewhere else). However, it requires the following:
- An Authoritative DNS Server you control
- Manually adding Bonjour to that Server
- Setting up a Bonjour Name Server
If this is something you're willing to do, then start with learning BIND.
Connecting to Time Machine Shares
To connect to an internal AFP share so you can "Time Machine" across the network, you need to open those ports. See: What ports need to be open for netatalk to work as a Time Machine server on my LAN?
In my cursory reading of the Asus router manual, (IMO) it's not capable of this level of port forwarding.
Personally, I would set up a VPN between the two networks, routing all traffic through the VPN, thus making it my subnet. Bonjour traffic will traverse the VPN, "autodiscovering" everything. AFP will be immediately accessible, as all traffic traverses the VPN without impediment from the firewall, meaning no port forwarding.
Bottom Line
This is not an effective nor productive solution. Time Machine was designed to work on the local network. Backups to a network-connected Time Capsule over Gigabit can take hours, and significantly longer over WiFi. Connecting over the Internet at speeds that sometimes don't even reach 1/10 of that speed would take an eternity.
To get Bonjour service discovery set up to connect an AFP share to share a Time Capsule will require a ton of expended effort for hardly any results, if at all.
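As an added example (not part of the question or the answer above), this is what the "Wide Area Bonjour via DNS" route from the answer actually means in records: DNS-SD (RFC 6763) served from a unicast zone on a BIND server you control. The domain `example.net`, host `nas.example.net` and address `192.0.2.10` are constructed placeholders; the script builds the browse-domain, PTR, SRV and TXT records for one AFP share and checks that every advertised instance is resolvable.

```python
def escape_label(label: str) -> str:
    """Service-instance names may contain spaces and dots; escape them for a
    zone file (RFC 6763 section 4.3)."""
    return label.replace("\\", "\\\\").replace(".", "\\.").replace(" ", "\\032")


def txt_rdata(txt: dict) -> str:
    # A TXT record needs at least one string; DNS-SD uses an empty one if no keys.
    return " ".join(f'"{k}={v}"' for k, v in txt.items()) or '""'


def dns_sd_records(domain, service, instance, host, port, txt, ttl=3600):
    """Return (name, ttl, type, rdata) tuples advertising one service instance."""
    svc = f"{service}.{domain}."
    inst = f"{escape_label(instance)}.{svc}"
    return [
        # Browse-domain enumeration (RFC 6763 section 11): a client configured
        # for this domain asks these meta-queries to learn where to browse.
        (f"b._dns-sd._udp.{domain}.", ttl, "PTR", f"{domain}."),
        (f"db._dns-sd._udp.{domain}.", ttl, "PTR", f"{domain}."),
        (f"lb._dns-sd._udp.{domain}.", ttl, "PTR", f"{domain}."),
        # Service enumeration: one PTR per instance of the service type.
        (svc, ttl, "PTR", inst),
        # Instance resolution: host/port plus attributes.
        (inst, ttl, "SRV", f"0 0 {port} {host}."),
        (inst, ttl, "TXT", txt_rdata(txt)),
    ]


def check_resolvable(records) -> bool:
    """Every PTR'd instance needs both an SRV and a TXT record, otherwise the
    share shows up in the browse list but cannot be connected to."""
    targets = {r[3] for r in records if r[2] == "PTR" and "_dns-sd._udp" not in r[0]}
    have = {(r[0], r[2]) for r in records}
    return all((t, "SRV") in have and (t, "TXT") in have for t in targets)


def zone_fragment(records) -> str:
    """Render the tuples as BIND zone-file lines."""
    return "\n".join(f"{n} {ttl} IN {t} {rd}" for n, ttl, t, rd in records)


if __name__ == "__main__":
    # Constructed placeholders: AFP (port 548) share named "Time Machine Disk".
    recs = dns_sd_records("example.net", "_afpovertcp._tcp", "Time Machine Disk",
                          "nas.example.net", 548, {})
    recs.append(("nas.example.net.", 3600, "A", "192.0.2.10"))  # target host
    assert check_resolvable(recs)
    print(zone_fragment(recs))
```

Publishing these records in a public zone advertises the share to anyone who can query the zone, so, in line with the answer's VPN recommendation, the host name should resolve to an address that is reachable only across the VPN rather than to a port-forwarded WAN address.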