Mounting fileshares on clients in a remote network

This tutorial shows you how to mount a Cloud Filestore fileshare on a remote client, which can be a Compute Engine VM on a different VPC network or a non-GCP VM or terminal.

You cannot access Cloud Filestore fileshares from the Internet or directly through a VPN. Cloud Filestore fileshares are designed to be mounted on only Compute Engine VMs. However, it is possible to mount a fileshare on a remote client by using a Compute Engine VM as a proxy.

To do this, you need to:

  • Establish a VPN connection between the network of the remote client and the VPC network of the Cloud Filestore instance.
  • Configure a Compute Engine VM on the same VPC network to forward NFS packets to the Cloud Filestore instance.
  • Connect the remote client to the Compute Engine VM to mount the fileshare of the Cloud Filestore instance on the remote client.

Caveats

This solution has several caveats:

  • The proxy VM is a single point of failure. If it goes down, the remote client can no longer access the fileshare.
  • The proxy VM is a performance bottleneck because it forwards all NFS traffic between the remote client and the Cloud Filestore instance.
  • File locking does not work.

Objectives

  • Configure a Compute Engine VM to forward NFS packets from a remote client to a Cloud Filestore instance.
  • Mount a Cloud Filestore fileshare on a remote client.

Costs

This tutorial uses billable components of Google Cloud Platform, including:

  • Compute Engine VM instance
  • Cloud VPN
  • Cloud Filestore instance

Use the pricing calculator to generate a cost estimate based on your projected usage. New GCP users might be eligible for a free trial.

Before you begin

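  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. Select or create a Google Cloud Platform project.

    Go to the Manage resources page

  3. Make sure that billing is enabled for your Google Cloud Platform project.

    Learn how to enable billing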

Create the proxy VM

The proxy VM is a Linux Compute Engine VM that forwards NFS packets between the remote client and the Cloud Filestore instance. It must be on the same VPC network as the Cloud Filestore instance.

To learn how to create a Linux Compute Engine VM, see Quickstart Using a Linux VM.

Create a Cloud Filestore instance

Create a Cloud Filestore instance on the same VPC network as the proxy VM.

Configure forwarding on the proxy VM

  1. Go to the VM instances page
  2. Locate the proxy VM and click SSH to open a terminal on that VM.
  3. Install iptables by running the following commands:

    Debian/Ubuntu

        sudo apt-get install iptables
    

    RHEL/CentOS

        sudo yum install iptables
    

    SUSE

        sudo zypper -n install iptables
    
  4. Forward the NFS packets destined to the Cloud Filestore instance by running the following commands on the proxy VM:

    sudo iptables -A PREROUTING -t nat -i enp0s4 -p tcp --dport 111 -j DNAT --to [FILESTORE_IP_ADDRESS]:111
    sudo iptables -A PREROUTING -t nat -i enp0s4 -p tcp --dport 2049 -j DNAT --to [FILESTORE_IP_ADDRESS]:2049
    sudo iptables -A PREROUTING -t nat -i enp0s4 -p tcp --dport 2050 -j DNAT --to [FILESTORE_IP_ADDRESS]:2050
    sudo iptables -A FORWARD -p tcp -d [FILESTORE_IP_ADDRESS] --dport 111 -j ACCEPT
    sudo iptables -A FORWARD -p tcp -d [FILESTORE_IP_ADDRESS] --dport 2049 -j ACCEPT
    sudo iptables -A FORWARD -p tcp -d [FILESTORE_IP_ADDRESS] --dport 2050 -j ACCEPT
    sudo sysctl net.ipv4.ip_forward=1
    sudo iptables -t nat -A POSTROUTING -j MASQUERADE
    

    where [FILESTORE_IP_ADDRESS] is the IP address of the Cloud Filestore instance that the proxy VM is forwarding to.

    The ports forwarded are:

    • 111: portmapper
    • 2049: nfs
    • 2050: mountd
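
The commands in step 4 set no source address, so the proxy VM forwards these ports for any host that can reach it, and the MASQUERADE rule applies to all outgoing traffic. The following added example (not part of the original tutorial) prints the same forwarding limited to one remote network; REMOTE_CIDR, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) a source-restricted form of the
# tutorial's forwarding rules. All sample values below are constructed.

# Succeeds if $1 is a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# Succeeds if $1 is an IPv4 CIDR such as 192.168.10.0/24.
is_cidr() {
  case $1 in */*) ;; *) return 1 ;; esac
  is_ipv4 "${1%/*}" || return 1
  case ${1#*/} in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "${1#*/}" -le 32 ]
}

# Usage: filestore_proxy_rules IFACE REMOTE_CIDR FILESTORE_IP
# REMOTE_CIDR (assumed parameter) is the remote client's network behind the VPN.
filestore_proxy_rules() {
  iface=$1 cidr=$2 fs=$3
  # Reject anything that could smuggle shell syntax into the printed commands.
  case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad IFACE" >&2; return 2 ;; esac
  is_cidr "$cidr" || { echo "bad REMOTE_CIDR" >&2; return 2; }
  is_ipv4 "$fs" || { echo "bad FILESTORE_IP" >&2; return 2; }
  echo "sysctl -w net.ipv4.ip_forward=1"
  for port in 111 2049 2050; do   # portmapper, nfs, mountd
    echo "iptables -t nat -A PREROUTING -i $iface -s $cidr -p tcp --dport $port -j DNAT --to-destination $fs:$port"
    echo "iptables -A FORWARD -i $iface -s $cidr -d $fs -p tcp --dport $port -j ACCEPT"
  done
  # Return traffic for the connections accepted above.
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Rewrite the source only for traffic headed to the Filestore instance.
  echo "iptables -t nat -A POSTROUTING -d $fs -p tcp -m multiport --dports 111,2049,2050 -j MASQUERADE"
  # Assumes the VM forwards nothing else: drop every other forwarded packet.
  echo "iptables -P FORWARD DROP"
}

# Dry run with constructed addresses; review the output before applying it.
filestore_proxy_rules enp0s4 192.168.10.0/24 10.0.0.2
```

Neither these rules nor the sysctl setting survive a reboot unless you save them with your distribution's persistence mechanism.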

Establish a VPN connection between the network of the remote client and the VPC network of the proxy VM

Before you can mount the Cloud Filestore fileshare on a remote client, you must establish a VPN connection between the network of the remote client and the VPC network of the Cloud Filestore instance and proxy VM.

Configure the VPN gateway and tunnel on GCP

Create an HA VPN. For detailed instructions, see Creating an HA VPN gateway to a Peer VPN gateway.

Configure the VPN gateway and tunnel on the remote network:

Mount the Cloud Filestore fileshare on the remote client

  1. Create a mount point directory on the remote client:

    sudo mkdir -p [MOUNT_POINT_DIRECTORY]
    

    where [MOUNT_POINT_DIRECTORY] is the path where you want to map the Cloud Filestore fileshare to.

  2. Mount the Cloud Filestore instance on your client on a remote network by running the following command on the remote client:

    sudo mount [PROXY_IP_ADDRESS]:/[FILESHARE]/[FILESHARE_SUB_DIR] [MOUNT_POINT_DIRECTORY]
    

    where:

    • [PROXY_IP_ADDRESS] is the IP address for the proxy instance.
    • [FILESHARE] is the name of the fileshare on the Cloud Filestore instance.
    • [FILESHARE_SUB_DIR] is the path of the fileshare subdirectory that you want to mount. Leave this blank if you want to mount the entire fileshare.
    • [MOUNT_POINT_DIRECTORY] is the path on the remote client where you want to map the Cloud Filestore fileshare to.

    Example: The following command mounts fileshare vol1 on a Cloud Filestore instance being forwarded to a Linux Compute Engine VM with IP address 34.68.144.226 to mount point directory /mnt/test on the remote client:

    sudo mount 34.68.144.226:/vol1 /mnt/test
    
  3. Confirm that your configuration works by running the following command on the remote client:

    ls [MOUNT_POINT_DIRECTORY]
    

    where [MOUNT_POINT_DIRECTORY] is the path of the mount point directory.

    From the previous example, the command would be:

    ls /mnt/test
    

    If the fileshare is mounted successfully on the remote client, the system will return the results of the ls command.

Troubleshooting

You can troubleshoot by running tcpdump on the proxy VM to check if the NFS packets are being forwarded:

  1. Install tcpdump:

    Debian/Ubuntu

        sudo apt-get install tcpdump
    

    RHEL/CentOS

        sudo yum install tcpdump
    

    SUSE

        sudo zypper -n install tcpdump
    
  2. Run the following command to display the packets being transmitted or received by the proxy VM, except SSH and HTTP packets:

    sudo tcpdump -p -n not port 22 and not port 80
    

Cleaning up

After you've finished the Mounting fileshares on clients in a remote network tutorial, you can clean up the resources that you created on GCP so they won't take up quota and you won't be billed for them in the future. The following sections describe how to delete or turn off these resources.

Deleting the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

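  1. In the GCP Console, go to the Projects page.

    Go to the Projects page

  2. In the project list, select the project you want to delete and click Delete.
  3. In the dialog, type the project ID, and then click Shut down to delete the project.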

Deleting Compute Engine instances

To delete a Compute Engine instance:

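  1. In the GCP Console, go to the VM instances page.

    Go to the VM instances page

  2. Click the checkbox next to the instance you want to delete.
  3. Click the Delete button at the top of the page to delete the instance.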

Deleting Cloud Filestore instances

  1. Go to the Cloud Filestore instances page
  2. Click the instance ID to open the instance details page.
  3. Click Delete.
  4. When prompted, type the instance ID and click Delete.

Deleting Cloud VPN tunnels

  1. Go to the Cloud VPN page
  2. Click the Cloud VPN tunnels tab
  3. Click on the name of the tunnel and click Delete.

What's next
