Mounting file shares on clients in a remote network

This tutorial shows you how to mount a Cloud Filestore file share on a remote client, which can be a Compute Engine VM on a different VPC network or a non-Google Cloud VM or terminal.

You cannot access Cloud Filestore file shares from the Internet or directly through a VPN. Cloud Filestore file shares are designed to be mounted on only Compute Engine VMs. However, it is possible to mount a file share on a remote client by using a Compute Engine VM as a proxy.

To do this, you need to:

  • Establish a VPN connection between the network of the remote client and the VPC network of the Cloud Filestore instance.
  • Configure a Compute Engine VM on the same VPC network to forward NFS packets to the Cloud Filestore instance.
  • Connect the remote client to the Compute Engine VM to mount the file share of the Cloud Filestore instance on the remote client.

Caveats

This solution has several caveats:

  • The proxy VM is a single point of failure. If it goes down, the remote client can no longer access the file share.
  • The proxy VM is a performance bottleneck because it forwards all NFS traffic between the remote client and Cloud Filestore instance.
  • File locking does not work.

Objectives

  • Configure a Compute Engine VM to forward NFS packets from a remote client to a Cloud Filestore instance.
  • Mount a Cloud Filestore file share on a remote client.

Costs

This tutorial uses billable components of Google Cloud, including:

  • Compute Engine VM instance
  • Cloud VPN
  • Filestore instance

Use the pricing calculator to generate a cost estimate based on your projected usage. New Google Cloud users might be eligible for a free trial.

Before you begin

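  1. Sign in to your Google Account.

    If you don't already have a Google Account, sign up for a new account.

  2. In the GCP Console, on the project selector page, select or create a GCP project.

    Go to the project selector page

  3. Make sure that billing is enabled for your Google Cloud Platform project. Learn how to confirm that billing is enabled for your project.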

Create the proxy VM

The proxy VM is a Linux Compute Engine VM that forwards NFS packets between the remote client and the Cloud Filestore instance. It must be on the same VPC network as the Cloud Filestore instance.

To learn how to create a Linux Compute Engine VM, see Quickstart Using a Linux VM.

Create a Cloud Filestore instance

Create a Cloud Filestore instance on the same VPC network as the proxy VM.

Configure forwarding on the proxy VM

  1. Go to the VM instances page
  2. Locate the proxy VM and click SSH to open a terminal on that VM.
  3. Install iptables by running the following commands:

    Debian/Ubuntu

        sudo apt-get install iptables
    

    RHEL/CentOS

        sudo yum install iptables
    

    SUSE

        sudo zypper -n install iptables
    
  4. Forward the NFS packets destined for the Cloud Filestore instance by running the following commands on the proxy VM:

    sudo iptables -A PREROUTING -t nat -i network-interface -p tcp --dport 111 -j DNAT --to filestore-ip-address:111
    sudo iptables -A PREROUTING -t nat -i network-interface -p tcp --dport 2049 -j DNAT --to filestore-ip-address:2049
    sudo iptables -A PREROUTING -t nat -i network-interface -p tcp --dport 2050 -j DNAT --to filestore-ip-address:2050
    sudo iptables -A FORWARD -p tcp -d filestore-ip-address --dport 111 -j ACCEPT
    sudo iptables -A FORWARD -p tcp -d filestore-ip-address --dport 2049 -j ACCEPT
    sudo iptables -A FORWARD -p tcp -d filestore-ip-address --dport 2050 -j ACCEPT
    sudo sysctl net.ipv4.ip_forward=1
    sudo iptables -t nat -A POSTROUTING -j MASQUERADE
    

    where:

    • filestore-ip-address is the IP address of the Cloud Filestore instance that the proxy VM is forwarding to.
    • network-interface is the name of the network interface on the proxy VM, such as eth0. To get the name of the network interface, run the following command on the proxy VM:

      sudo ifconfig
      

    The ports forwarded are:

    • 111: portmapper
    • 2049: nfs
    • 2050: mountd
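
A rule audit for the forwarding setup above, as an added example that is not part of the original tutorial: it reads `iptables-save` output and reports which of the three NFS ports lack a DNAT or FORWARD rule, and whether the MASQUERADE rule is unscoped. The function name, the sample rules and the address 10.0.0.2 are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the tutorial's NFS forwarding rules.
NFS_PORTS="111 2049 2050"   # portmapper, nfs, mountd (from the tutorial)

# Reads `iptables-save` text on stdin, prints one finding per line and
# returns 1 if a required rule for Filestore IP $1 is missing, else 0.
audit_nfs_forwarding() {
    fs_ip=$1; dnat=""; fwd=""; masq=""; bad=0
    while IFS= read -r line; do
        case $line in
            "-A PREROUTING "*"--dport "*" -j DNAT --to-destination $fs_ip:"*)
                p=${line##*--dport }; p=${p%% *}
                # Count the rule only if it keeps the same port on the target.
                if [ "$p" = "${line##*:}" ]; then dnat="$dnat $p"; fi ;;
            "-A FORWARD "*"-d $fs_ip/32 "*"--dport "*" -j ACCEPT")
                p=${line##*--dport }; fwd="$fwd ${p%% *}" ;;
            "-A POSTROUTING -j MASQUERADE")
                masq=unscoped ;;
            "-A POSTROUTING "*" -j MASQUERADE")
                if [ -z "$masq" ]; then masq=scoped; fi ;;
        esac
    done
    for port in $NFS_PORTS; do
        case " $dnat " in *" $port "*) ;; *)
            echo "missing DNAT for tcp/$port"; bad=1 ;; esac
        case " $fwd " in *" $port "*) ;; *)
            echo "missing FORWARD ACCEPT for tcp/$port"; bad=1 ;; esac
    done
    case $masq in
        "") echo "missing MASQUERADE in nat POSTROUTING"; bad=1 ;;
        unscoped) echo "note: MASQUERADE is not limited to NFS traffic" ;;
    esac
    return $bad
}

# Constructed sample (not captured from a real VM): the 2050 DNAT rule is absent.
SAMPLE_RULES='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 111 -j DNAT --to-destination 10.0.0.2:111
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2049 -j DNAT --to-destination 10.0.0.2:2049
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
-A FORWARD -d 10.0.0.2/32 -p tcp -m tcp --dport 111 -j ACCEPT
-A FORWARD -d 10.0.0.2/32 -p tcp -m tcp --dport 2049 -j ACCEPT
-A FORWARD -d 10.0.0.2/32 -p tcp -m tcp --dport 2050 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | audit_nfs_forwarding 10.0.0.2 || true
```

On the proxy VM, pipe the live rules in with `sudo iptables-save | audit_nfs_forwarding filestore-ip-address` after loading the function into the shell.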

Establish a VPN connection between the network of the remote client and the VPC network of the proxy VM

Before you can mount the Cloud Filestore file share on a remote client, you must establish a VPN connection between the network of the remote client and the VPC network of the Cloud Filestore instance and proxy VM.

Configure the VPN gateway and tunnel on Google Cloud

Create an HA VPN. For detailed instructions, see Creating an HA VPN gateway to a Peer VPN gateway.

Configure the VPN gateway and tunnel on the remote network:

Mount the Cloud Filestore file share on the remote client

  1. Create a mount point directory on the remote client:

    sudo mkdir -p mount-point-directory
    

    where mount-point-directory is the path to which you want to map the Cloud Filestore file share.

  2. Mount the Cloud Filestore instance on your client on a remote network by running the following command on the remote client:

    sudo mount proxy-ip-address:/file-share/[file-share-sub-dir] mount-point-directory
    

    where:

    • proxy-ip-address is the IP address for the proxy instance.
    • file-share is the name of the file share on the Cloud Filestore instance.
    • file-share-sub-dir is the path of the file share subdirectory that you want to mount. Leave this blank if you want to mount the entire file share.
    • mount-point-directory is the path on the remote client to which you want to map the Cloud Filestore file share.

    Example: The following command mounts file share vol1 of a Cloud Filestore instance, forwarded through a Linux Compute Engine VM with IP address 34.68.144.226, at mount point directory /mnt/test on the remote client:

    sudo mount 34.68.144.226:/vol1 /mnt/test
    
  3. Confirm that your configuration works by running the following command on the remote client:

    ls mount-point-directory
    

    where mount-point-directory is the path of the mount point directory.

    From the previous example, the command would be:

    ls /mnt/test
    

    If the file share is mounted successfully on the remote client, the system will return the results of the ls command.

Troubleshooting

You can troubleshoot by running tcpdump on the proxy VM to check if the NFS packets are being forwarded:

  1. Install tcpdump:

    Debian/Ubuntu

        sudo apt-get install tcpdump
    

    RHEL/CentOS

        sudo yum install tcpdump
    

    SUSE

        sudo zypper -n install tcpdump
    
  2. Run the following command to display the packets being transmitted or received by the proxy VM, except SSH and HTTP packets:

    sudo tcpdump -p -n not port 22 and not port 80
    

Cleaning up

After you've finished the Mounting file shares on clients in a remote network tutorial, you can clean up the resources that you created on GCP so they won't take up quota and you won't be billed for them in the future. The following sections describe how to delete or turn off these resources.

Deleting the project

The easiest way to eliminate billing is to delete the project that you created for the tutorial.

To delete the project:

  1. In the Cloud Console, go to the Manage resources page.

    Go to the Manage resources page

  2. In the project list, select the project that you want to delete and then click Delete.
  3. In the dialog, type the project ID and then click Shut down to delete the project.

Deleting Compute Engine instances

To delete a Compute Engine instance:

  1. In the Cloud Console, go to the VM Instances page.

    Go to the VM Instances page

  2. Click the checkbox for the instance you want to delete.
  3. Click Delete to delete the instance.

Deleting Cloud Filestore instances

  1. Go to the Cloud Filestore instances page
  2. Click the instance ID to open the instance details page.
  3. Click Delete.
  4. When prompted, type the instance ID and click Delete.

Deleting Cloud VPN tunnels

  1. Go to the Cloud VPN page
  2. Click the Cloud VPN tunnels tab.
  3. Click the name of the tunnel and click Delete.

What's next