My Asus Router (Blue Cave) has the ability to let its disk act as a Time Machine capsule. For computers on its LAN, that works just fine. You can see the disk advertised (via Bonjour?) in the sidebar of Finder, select it via Time Machine, and back up.
Upstream from the Asus router and its LAN is another Mac, which provides them internet. The WAN IP for the router is 192.168.2.2 and its parent Mac has the IP 192.168.1.2. On parent mac, I mount afp://router.wan.ip, but can't just mount it without hassle from the Bonjour advertisement.
I'm having a lot of trouble backing up to the disk from both simultaneously. It's as if mounting on the one "steals" the disk from the other. They end up telling me they want to do a new backup and they don't have access to delete their .sparsebundle.purgeable and I should probably run first aid on the disk.
Per @klanomath's request, the network architecture is as follows:
- modem to internet (internet IP space)
- wired router (192.168.1.1/24)
- mac mini (192.168.1.2) sharing internet via pf static NAT
- network adapter (en4) (192.168.2.1)
- asus w/ network disk (192.168.2.2, serving 192.168.3.0/24)
- macbook (192.168.3.251)
This is not how Bonjour/Zeroconf was intended to function.
Bonjour is a broadcast protocol, meaning that while on the subnet, it will broadcast out a message to see who responds. The key here is that it doesn't know the IP addresses of any machine (service) until it responds back. That's how Finder puts it in the sidebar as you describe.
You can't just enable Bonjour on the WAN or the Internet for that matter. MIT's IT knowledgebase sums it up:
Just for the sake of argument... if you were able to send out your broadcast packets over the Internet (via WAN), your ISP would most certainly block it because of the massive amount of traffic you would be generating.
Bonjour is basically DNS
It's not about port forwarding "Bonjour." It's much more than that. Currently, you don't "port forward" DNS ports. Bonjour is a "DNS method".
You don't port forward DNS from your ISP to your computers so you can look up a domain. Your router either assigns the DNS servers during DHCP so you can query hosts/domains directly or acts as a relay to forward them to the actual DNS servers.
What does this mean?
(Remember the emphasized text at the beginning of this answer?) Technically speaking, you can get Bonjour to search another domain by adding that domain record into DNS (you're telling Bonjour to go search somewhere else). However, it requires the following:
If this is something you're willing to do, then start with learning BIND.
Connecting to Time Machine Shares
To connect to an internal AFP share so you can "Time Machine" across the network, you need to open those ports. See: What ports need to be open for netatalk to work as a Time Machine server on my LAN?
In my cursory reading of the Asus router manual, (IMO) it's not capable of this level of port forwarding.
Personally, I would set up a VPN between the two networks, routing all traffic through the VPN, thus making it my subnet. Bonjour traffic will traverse the VPN "autodiscovering" everything. AFP will be immediately accessible as all traffic traverses the VPN without impediment of the firewall; meaning no port forwarding.
This is not an effective nor productive solution. Time Machine was designed to work on the local network. Backups to a network connected Time Capsule over Gigabit can take hours. Significantly longer over WiFi. Connecting over the Internet at speeds that sometimes don't even reach 1/10 of that speed would take an eternity.
To get Bonjour service discovery set up to connect an AFP share to share a Time Capsule will require a ton of expended effort for hardly any results, if at all.
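Added example, not part of the original answer or of any Apple or Asus code: it builds the DNS-format browse query a Bonjour client sends for AFP shares (multicast DNS, RFC 6762) and applies the link-scope rule to the addresses given in the question. It assumes the router advertises the disk only on its 192.168.3.0/24 LAN side; `reach_plan` is a hypothetical helper name.

```python
import ipaddress
import struct

# Multicast DNS destination (RFC 6762). 224.0.0.0/24 is link-local scope:
# routers do not forward it, so the query never leaves the sender's subnet.
MDNS_GROUP = ipaddress.ip_address("224.0.0.251")
MDNS_PORT = 5353
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")

# From the question: the Asus serves 192.168.3.0/24 and has WAN IP 192.168.2.2.
# Assumption: the disk is advertised on the LAN side only.
ADVERTISED_LINK = ipaddress.ip_network("192.168.3.0/24")
ROUTER_WAN_IP = "192.168.2.2"
AFP_PORT = 548  # AFP over TCP

def encode_name(name):
    """Encode a DNS name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_browse_query(service="_afpovertcp._tcp.local"):
    """One-question DNS message asking for PTR records of a service type."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)  # id=0, flags=0, QDCOUNT=1
    return header + encode_name(service) + struct.pack("!2H", 12, 1)  # PTR, IN

def parse_question(msg):
    """Decode the first question of a DNS message: (name, qtype, qclass)."""
    if struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question in message")
    pos, labels = 12, []
    while msg[pos] != 0:
        n = msg[pos]
        if n & 0xC0:
            raise ValueError("compressed names are not handled here")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, qclass = struct.unpack("!2H", msg[pos + 1:pos + 5])
    return ".".join(labels), qtype, qclass

def reach_plan(client_ip):
    """Discovery works only on the advertised link; elsewhere mount by address."""
    if ipaddress.ip_address(client_ip) in ADVERTISED_LINK:
        return ("bonjour", f"{MDNS_GROUP}:{MDNS_PORT}")
    return ("manual", f"afp://{ROUTER_WAN_IP}:{AFP_PORT}")

if __name__ == "__main__":
    for ip in ("192.168.3.251", "192.168.2.1", "192.168.1.2"):
        print(ip, reach_plan(ip))
```

The query is never sent; the block only constructs and decodes it, so it runs offline.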