Setting up SG-1100 Netgate with AT&T BGW210

Recording this so I remember in the future:

I connect to the internet through an AT&T BGW210. Behind that sits an SG-1100 Netgate (pfSense). Behind that is my PC (plugged into Netgate LAN port) and my Google Wifi (plugged into Netgate OPT port). Netgate WAN plugs into BGW210.

Google Wifi is set to Bridge mode, meaning it will not assign IPs but will let Netgate do that.

With my PC connected directly to AT&T BGW210:
To set up AT&T: http://192.168.1.254

I set Wi-Fi (2.4 and 5 GHz) off, because I will be going through Google Wifi instead.

Once that is done, I plug the PC into the Netgate LAN port (and unplug Netgate WAN) and from a Command Prompt, type ipconfig/renew to get my new Netgate IP.

I set the IP to 172.16.1.1/24 (using Netgate setup wizard by first connecting to https://192.168.1.1) and then plug the WAN into AT&T.

Out of the box, Netgate LAN port is set up but the OPT port is turned off. Let’s turn it on.

To set up Netgate: https://172.16.1.1
To turn on the Netgate OPT port:

Interfaces > OPT
Enable: Checked
IPv4 Config Type: Static IPv4
IPv4 Address: 172.16.2.1/24

Services > DHCP Server > OPT
Enable: Checked
Range: 172.16.2.10 to 172.16.2.245

Firewall > Rules > OPT > Add
Action: Pass
Protocol: Any
Source: OPT net
Description: Default allow OPT to any rule

Now install ad block software:

System > Package Manger > Available Packages > pfBlockerNG
Install pfBlockerNG-devel

Firewall > pfBlockerNG
Make sure to select LAN and OPT for Outbound Firewall Interface

Firewall > pfBlockerNG > General
CRON Settings: Once a day

Firewall > pfBlockerNG > DNSBL > DNSBL Category (Optional)
Blacklist Category: Enable
Blacklists: Select Shallalist
Shallalist: Check Advertisements

Firewall > pfBlockerNG > Update > Run
It should download the new Shallalist.

Hopefully everything works. If you cannot talk to your Netgate, try directly connecting to it through USB. I used PuTTY to COM3 Speed 115200.

Addendum: I have a NAS connected to the BGW210. In order to see that from behind the Netgate, I added:

DNS Resolver > Host Override Options
Host: WDMyCloud
Domain: localdomain
IP Address: 192.168.1.65

On the BGW210 I went to Home Network > IP Allocation, and added 192.168.1.65 as a Fixed Allocation so the device would always be at that IP. Now I can use File Explorer to \\WDMyCloud.