port forwarding to an ethernet connected device

@flatlander3​ I hadj it set with a DHCP address originally.  I changed it to static IP to see if that would make a difference.  It didn't.    I fail to see how controlling it with a phone app makes a difference... and regardless it's what is available.    They don't offer another option.

@jdport​ Yeah.  That's the problem.  The config you set with a "phone app" ends up in a database, and then is supposed to somehow propagate to your equipment -- by some means.

Does it?  Meh.  Sometimes. Looks like their default solution is to swap hardware when it doesn't work, or the database gets wrapped around the axle.

A larger question is do you want a 3rd party to have access to your equipment, and be able to blow holes in it's local firewall using the least secure device you own -- a phone. 

Ive had port forwarding errors for two days now. I tried a bit earlier again, just trying anything and it forwarded on UDP which is not what I needed of course. Would that be an indicator opf something wrong on my end or still a comcast issue?

Im looking into how to set up a DMZ via another router and just take these clowns out of the loop.

@crashdavis​ It's a comcast issue going on 3 generations of broken hardware that doesn't work well with their whole 'control it with a phone app' issues.  You'll either hit the problem, or you won't, or it will pop up out of the blue when you try to change something, then it won't work. 

I think it's a larger infrastructure problem they either can't fix, or don't want to fix, or maybe they figure it's a customer engagement opportunity to up sell services so they don't want to fix it.  In any case, a malfunctioning piece of equipment does nothing for you, and worse, is costing you $14-15 month to rent a problem with dubious security "features".

If you are going to expose anything to the internet by blowing holes in your firewall, or are going to run "naked" in a DMZ, you really need "some means" to protect it, or you'll be one of the hijacked machines bombing my firewall constantly.  Plenty of hijacked grandma machines running win 7 on this network already.  Network isolation of the exposed machine is preferred, so physical separation from your other gear with another hardwired subnet that has no routing to the rest of your stuff, or extremely locked own communication to the rest of your stuff with firewall rules is a good idea.  Firewall distributions can do it (their hardware or yours -- pfsense/opnsense/firewalla etc).  Some routers with better feature sets can do it.  You can build your own firewall if you don't mind a little learning curve with a Linux or BSD box and make your own.  Your call. 

@flatlander3​ 

Thank you for being the voice of reason here. Yes, the phone as an app is VERY problematic and double yes--upselling is the game. Introduce a problem disguised as a solution, create a pain point or "friction" and exploit the opportunity every time.