This topic describes how to access an Apsara File Storage NAS file system from a data center by using a NAT gateway.

Background information

You can mount a file system only on an ECS instance that resides in the same region as the file system. For example, a Network File System (NFS) or Server Message Block (SMB) file system that you create in the China (Hangzhou) region can be mounted only on an ECS instance that resides in the China (Hangzhou) region. You cannot mount the file system on an ECS instance that resides in a different region such as the China (Qingdao) region or on a local server. To implement a file system mount across regions or in a data center, you must use Express Connect to establish a connection between Virtual Private Clouds (VPCs) or between a VPC and a data center. However, this connection significantly increases the cost of mounting the file system.

If a VPN gateway is deployed in your data center, we recommend that you use Alibaba Cloud VPN Gateway to connect your data center to NAS. For more information, see Access an Apsara File Storage NAS file system from a local data center by using VPN Gateway.

If you only need to upload a small amount of data from your data center to NAS, we recommend that you use NAT Gateway to establish a connection.

The following figure shows the network topology that is adopted when NAT Gateway is used to establish a connection between a data center and NAS.
(Figure: Topology)
  • Advantage: easy to configure
  • Disadvantage:
    • In terms of security, a user who has an Elastic IP address (EIP) can create a mount target that relates to the EIP because connections are established between EIPs and VPCs.
    • Each combination of an EIP and port can be specified only for one mount target. If you want to access multiple mount targets at the same time, you must create multiple EIPs.

Create a file system and a mount target

  1. Log on to the NAS console.
  2. Create a file system. For more information, see Create a General-purpose NAS file system in the NAS console.
  3. Create a mount target in a VPC. For more information, see Create a mount target.

Configure a NAT gateway

You can perform the following steps to mount a NAS file system on a Windows or Linux host that is connected to the Internet. After the file system is mounted, you can upload files to or download files from the file system on the host.

  1. Log on to the VPC console.
  2. Create a NAT gateway. For more information, see Create an Internet NAT gateway.
    Note: The VPC in which the NAT gateway resides must be the same as the VPC in which the NAS file system resides.
  3. Bind an EIP to the NAT gateway. For more information, see Apply for an EIP.
  4. Create a DNAT entry. For more information, see Create a DNAT entry on an Internet NAT gateway.

    You must set the following parameters:

    • Public IP Address: specifies the public IP address that is generated when you create an EIP.
    • Private IP Address: specifies the IP address of the mount target for the file system.

      To obtain the IP address, you can ping the mount target from the ECS instance on which the file system is mounted.

      ping file-system-id.region.nas.aliyuncs.com
    • Port: We recommend that you select All Ports. You can also select a port for your NFS or SMB file system.
  5. Mount the file system.
    Note
    • To mount an NFS file system, you must first install an NFS client. For more information, see Install an NFS client.
    • Before you mount an SMB file system, make sure that the Workstation and TCP/IP NetBIOS Helper services are started in the Windows system on which you want to mount the SMB file system. For more information, see Start the Workstation and TCP/IP NetBIOS Helper services.
    • The default port 445 of the SMB protocol is a high-risk port. By default, the port is disabled by your internet service provider (ISP). If you want to access NAS from a data center by using NAT Gateway over the Internet, you must configure port forwarding in the data center. Procedure:
      1. Configure a DNAT entry to map Port 445 of NAS to Port 4456 for the EIP of a NAT gateway.
      2. Run the netsh tool on a local Windows client to forward network traffic from Port 445 to Port 4456.
      3. Mount the file system.
    • If you want to mount an NFS file system, run the following command:
      mount -t nfs4 10.10.10.1:/ /mnt
      • 10.10.10.1 is the public IP address that is generated when you create an EIP. Replace the IP address based on your business requirements.
      • /mnt is the directory on which you want to mount the file system. Replace the directory based on your business requirements.
    • If you want to mount an SMB file system, run the following command:
      net use D: \\10.10.10.1\myshare
      • D: is the letter of the destination drive on which you want to mount a file system. Replace the drive letter based on your business requirements.
      • 10.10.10.1 is the public IP address that is generated when you create an EIP. Replace the IP address based on your business requirements.
      • myshare is the name of the shared SMB directory. You cannot change the name.
  6. Verify the mount result.
    • NFS file system

      If a result similar to the following appears after you run the mount command, the mount is successful. You can read data from and write data to the files of the NFS file system.

      (Figure: Mount result)
    • SMB file system

      If you can access the SMB file system from your local file manager, the mount is successful. You can read data from and write data to the files of the SMB file system.

      (Figure: Mount result)
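
A pre-flight check for the DNAT entries described in step 4, added here as an example and not part of the original documentation: it flags All Ports mappings (which publish every port of the mount target on the EIP, not only the NFS or SMB port), external port 445, and EIP and port combinations claimed by more than one mount target. The field names, the private addresses, and the extra EIPs 10.10.10.2 and 10.10.10.3 are constructed for illustration; ports 2049 (NFSv4) and 445 (SMB) are assumed to be the only ports the mount target needs.

```python
from collections import defaultdict

ALL_PORTS = "any"          # hypothetical marker for the console's "All Ports" choice
NEEDED = {2049, 445}       # assumption: NFSv4 and SMB are the only ports required

# Constructed sample of planned DNAT entries; field names are hypothetical.
SAMPLE = [
    {"id": "dnat-1", "eip": "10.10.10.1", "ext": ALL_PORTS, "target": "192.168.0.10", "int": ALL_PORTS},
    {"id": "dnat-2", "eip": "10.10.10.1", "ext": 2049, "target": "192.168.0.11", "int": 2049},
    {"id": "dnat-3", "eip": "10.10.10.2", "ext": 2049, "target": "192.168.0.10", "int": 2049},
    {"id": "dnat-4", "eip": "10.10.10.2", "ext": 4456, "target": "192.168.0.12", "int": 445},
    {"id": "dnat-5", "eip": "10.10.10.2", "ext": 2049, "target": "192.168.0.13", "int": 2049},
    {"id": "dnat-6", "eip": "10.10.10.3", "ext": 445, "target": "192.168.0.12", "int": 445},
]


def audit(entries):
    """Return sorted (entry id, finding) pairs for risky or conflicting entries."""
    findings = []
    by_eip = defaultdict(list)
    for e in entries:
        by_eip[e["eip"]].append(e)
        if e["ext"] == ALL_PORTS:
            # Every port of the mount target becomes reachable through the EIP.
            findings.append((e["id"], "all-ports"))
            continue
        if e["int"] not in NEEDED:
            findings.append((e["id"], "unneeded-port"))
        if e["ext"] == 445:
            # Port 445 is high-risk and usually blocked by ISPs; remap it (e.g. 4456).
            findings.append((e["id"], "smb-445-external"))
    for group in by_eip.values():
        wildcard = next((g for g in group if g["ext"] == ALL_PORTS), None)
        owner = {}  # external port -> mount target that first claimed it
        for g in group:
            if wildcard is not None:
                if g is not wildcard:
                    # An All Ports entry uses up the whole EIP for one mount target.
                    findings.append((g["id"], "eip-taken-by-all-ports"))
                continue
            if owner.setdefault(g["ext"], g["target"]) != g["target"]:
                # Each EIP and port combination can serve only one mount target.
                findings.append((g["id"], "duplicate-eip-port"))
    return sorted(findings)


if __name__ == "__main__":
    for entry_id, finding in audit(SAMPLE):
        print(entry_id, finding)
```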

Differences between the NAT Gateway solution and the VPN Gateway solution

The following table describes the differences between the two solutions.

| Item | NAT Gateway solution | VPN Gateway solution |
| --- | --- | --- |
| Configuration | Easy: You can configure all settings in the Alibaba Cloud Management Console. | Complex: You must configure a VPN gateway in the Alibaba Cloud console and configure a client-side VPN gateway in a data center. |
| Data security | Low | High |
| Flexibility | Low. Each EIP can be mapped to only one mount target. | High. You can access all NAS mount targets at the same time. EIPs are not required in this solution. |
| Scenarios | Establish temporary connections to transfer a small amount of data. | Establish a long-term connection between a data center and NAS. |