This document describes how to use the NAT Gateway to access NAS when you need to mount a NAS file system from your local IDC or from VPCs located in different regions.


When using NAS, a file system (NFS) created within a region can only be mounted on ECS instances within the same region. ECS instances in different regions, and servers in your own IDC, are not allowed to mount the file system directly.

To mount a file system on ECS instances in different regions, or on your IDC servers, you can use Express Connect between different VPCs or between the IDC and the VPC. While Express Connect is suitable for long-term connection, deploying Express Connect may be costly for some users.

A more cost-effective solution for uploading small amounts of offline data to NAS is to use the NAT Gateway to access Alibaba Cloud NAS from the Internet.


  • If the EIP and VPC are connected, any user who obtains the EIP can use the mount point corresponding to the EIP. No additional permissions are required.

  • Each EIP and port can only be mapped to one mount point. Therefore, multiple EIP addresses are required to access multiple mount points at the same time.
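
The two constraints above can be checked against a planned DNAT table (the entries configured in the procedure below) before it is applied. The following Python script is an added example, not part of the original documentation; the entry field names, the `any` marker for All ports, and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

ANY = "any"                          # assumed marker for the "All ports" setting
FILE_SHARE_PORTS = {111, 2049, 445}  # NFS (portmapper 111, nfsd 2049) and SMB (445)

# Constructed sample DNAT table; field names are hypothetical, addresses are documentation ranges.
SAMPLE_DNAT = [
    {"id": "fwd-1", "public_ip": "203.0.113.10", "port": "any", "private_ip": "192.168.1.20"},
    {"id": "fwd-2", "public_ip": "203.0.113.11", "port": "2049", "private_ip": "192.168.1.21"},
    {"id": "fwd-3", "public_ip": "203.0.113.11", "port": "2049", "private_ip": "192.168.1.22"},
    {"id": "fwd-4", "public_ip": "203.0.113.12", "port": "22", "private_ip": "192.168.1.21"},
    {"id": "fwd-5", "public_ip": "203.0.113.12", "port": "80", "private_ip": "192.168.1.50"},
]
SAMPLE_MOUNT_POINTS = {"192.168.1.20", "192.168.1.21", "192.168.1.22"}  # constructed


def audit_dnat(entries, mount_point_ips):
    """Return (exposed, findings) for DNAT entries that forward to NAS mount points."""
    by_eip = defaultdict(list)
    for e in entries:
        if e["private_ip"] in mount_point_ips:
            by_eip[e["public_ip"]].append(e)

    exposed, findings = {}, []
    for eip, group in sorted(by_eip.items()):
        # Anyone who can reach this EIP can use these mount points.
        exposed[eip] = sorted({e["private_ip"] for e in group})
        for e in group:
            if e["port"] == ANY:
                findings.append((e["id"], "all-ports"))
            elif int(e["port"]) not in FILE_SHARE_PORTS:
                findings.append((e["id"], "unexpected-port"))
        # One EIP and port can be mapped to only one mount point.
        for i, a in enumerate(group):
            for b in group[i + 1:]:
                same_port = ANY in (a["port"], b["port"]) or a["port"] == b["port"]
                if same_port and a["private_ip"] != b["private_ip"]:
                    findings.append((a["id"] + "+" + b["id"], "eip-port-conflict"))
    return exposed, findings


if __name__ == "__main__":
    exposed, findings = audit_dnat(SAMPLE_DNAT, SAMPLE_MOUNT_POINTS)
    for eip, ips in exposed.items():
        print(f"{eip} exposes mount point(s) {', '.join(ips)}")
    for entry_id, issue in findings:
        print(f"{entry_id}: {issue}")
```

The `exposed` map lists every mount point reachable through each EIP, which is the set of file systems usable by anyone who obtains that address.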

Network architecture

The following figure shows the network architecture of using a NAT Gateway to access Alibaba Cloud NAS from the Internet.

The architecture is implemented as follows:

  1. Create a NAS file system, and add a mount point for the file system.
  2. Create a NAT gateway, and add a bandwidth package for the NAT gateway to get an EIP address.
  3. Add DNAT forwarding entries for the NAT gateway.


  1. Create a file system in the NAS console.
  2. Add a mount point for the file system. Note that you must create a VPC mount point to support the use of NAT.
  3. Connect to your ECS instance, and ping the mount point address to get the mount point IP address. An example output is as follows:

  4. Create a NAT gateway.
  5. Bind an EIP, then add the bandwidth package to the NAT gateway.
  6. Create a DNAT entry with the following settings:
    • For Public IP, select the EIP created in Step 5.
    • For Private IP, enter the mount point IP address you want to access.
    • For Port Settings, select All ports. Alternatively, select the specific ports needed by the NFS or SMB protocol.
  7. Verify NFS mounting. Configure the DNAT entry to point to an NFS mount point. Example outputs are as follows: