Visitor

Monday, July 18th, 2022 7:28 PM

Closed

setup port forwarding for RDP

Hello,

I am having issues setting up port forwarding to be able to RDP into my PC from another device outside my network.  

Bear with me as there is a little back story to this...

My home PC was connected to the Xfinity router directly via Ethernet cable. I previously had Verizon and the same wired connection with a successful port forwarding for RDP. However, I couldn't seem to get it working correctly after switching to Xfinity. It "appeared" I set up the proper port forwarding rules in the Xfinity app, selecting my home PC device, but still couldn't connect to RDP from outside my home network.

In trying to troubleshoot that, I assigned a static IP of 10.0.0.120 to my home PC. Connection to the internet was fine and everything else was working with this static IP, and then I gave up on working on the port forwarding for RDP for a bit. I then ran into a completely different issue where, even with a wired connection, it would randomly drop, stating the Ethernet cable was unplugged. LED lights on both the router and NIC indicated it was connected, but my PC just couldn't actually connect.

I then reverted to breaking out my old Verizon router. I connected the same cable to the Verizon router and it connected successfully. I still obviously had no internet through the Verizon router, so I then bridged the Xfinity router to the Verizon router via Ethernet cable. There was no need for any advanced configuration as the simple plug and play worked, and my PC was now connected to the internet again.

 - PC -> Verizon router -> Xfinity Router -> Internet

Since I had already successfully setup port forwarding on the Verizon router I thought I could now try to just setup port forwarding again on the Xfinity router and set it up to point to the Verizon router.  The Verizon router would then forward it again to my PC.

Here is my issue now.  I deleted all previous port forward rules and started over.  I selected "Wireless Broadband Router" as the device and set the proper port:

After the successful creation, when viewing the details of this it states a "Reserved IP Address" of 10.0.0.120

 - The actual IP of this Verizon router is 10.0.0.41 though:

We can see it has the 10.0.0.41 IP address:
When I try to RDP from outside my network it forwards to IP .120, which does not exist in my home network. I need this to forward to .41, but whatever I do it will always state a "Reserved IP Address" of .120 for the "Wireless Broadband Router" device.

I deleted all non-connected devices from the router list (including the old direct connection of my PC) and tried to set up port forwarding again, but it keeps stating IP .120.

I deleted all port forwarding rules again and tried setting it up for a different device just as a test. For this rule it then stated the correct IP of that device in the "Reserved IP Address".

 - I couldn't actually test if the RDP worked for that device as it was a Mac, and I haven't really figured out how to RDP into a non-Windows device.

So my question is... Why is the "Reserved IP Address" being set as an IP of .120 when the actual IP is .41? And how do I correct this?
Thanks

Problem Solver

2 years ago

Your Xfinity gateway is not in bridge mode if you are getting a 10.0.0.x address on your Verizon router.  Your gateway is still running a dhcp server.  If bridge mode was working on the Xfinity gateway, you'd get the external public IP address on the Verizon router -- that's IF you can use an Ethernet port on it for WAN.   

What you are currently doing with it is a "double nat".  You can do that with a regular Ethernet router, I'm just not sure of how your Verizon router works and if it's expecting the WAN to be a cell link.  With a double nat, you'd have to create a port forward on the Xfinity gateway to point to your other Ethernet router, then another rule on the Ethernet router to point to your PC.  That's a bit of a convoluted mess unless it's really intentional, and you'd have to look at the manual of your Verizon router to see if it's even possible to use the Ethernet ports that way. I would guess not.

Likely, the Verizon is just acting as a switch right now since your gateway appears to not be in bridge mode.  Traffic is just going across the switch and has nothing to do with your Verizon port forward rules.  Possibly, you've got two dhcp servers facing each other.  That's not good.  Your picture changes:

    PC      -->
                |---> Xfinity --> Internet
    Verizon -->

If your goal is a port forward, pull the Verizon out. A really common problem with Xfinity gateways reported by users here is that their port forwards don't work (other settings too, including setting bridge mode). Why? Dunno. The app is supposedly meant to talk to a backend server.....and then those settings are supposed to.....somehow....get pushed to your gateway. But then, when it doesn't work, people are stuck.

Nobody seems to have a good workaround for either resetting the app, the gateway, or both, or has come up with a procedure to get it working again and Xfinity isn't talking.  Perhaps they have to stomp on the database from their end when it gets wrapped around the axle.  3rd party gateways don't have this issue.  You just change the settings from a local internal web interface and it's done.

You might have to go through the Xfinity chat to get some help with it.

By the way. RDP directly exposed to the internet is a really bad idea. Microsoft doesn't recommend it and warns about it. IT people just cringe. You're asking for trouble. Run a VPN server yourself instead. Both WireGuard and OpenVPN are free and will offer at least "some" protection for an open port. VPN in from the outside, then you can access RDP on your windoz box.

(edited)
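The double-NAT chain described in this answer, as an added worked model (not code from the thread or from either vendor): each hop applies its own destination-NAT rule, and the connection only reaches the PC if every rule points at an address that actually exists on that hop's LAN. The Xfinity rule pointing at 10.0.0.120 while the Verizon router answers on 10.0.0.41 is the case from the original post; the public address 203.0.113.10 and the PC address 192.168.1.50 are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Router:
    """A NAT router: its WAN address, the hosts on its LAN side, the DNAT
    rules keyed by externally exposed TCP port, and any nested NAT routers."""
    name: str
    wan_ip: str
    lan_hosts: set
    forwards: dict = field(default_factory=dict)      # ext_port -> (lan_ip, lan_port)
    lan_routers: dict = field(default_factory=dict)   # lan_ip -> Router behind it


def resolve(router, port, trail=None):
    """Follow an inbound connection to `port` on the WAN side through each hop.

    Returns (final_target or None, trail). None means the packet was dropped:
    either no rule, or a rule aimed at an address nothing on that LAN owns
    (the thread's case: rule says .120, the Verizon router lives at .41).
    """
    trail = [] if trail is None else trail
    rule = router.forwards.get(port)
    if rule is None:
        trail.append(f"{router.name}: no rule for port {port}, dropped")
        return None, trail
    lan_ip, lan_port = rule
    trail.append(f"{router.name}: {port} -> {lan_ip}:{lan_port}")
    if lan_ip in router.lan_routers:          # next hop is another NAT router
        return resolve(router.lan_routers[lan_ip], lan_port, trail)
    if lan_ip in router.lan_hosts:            # ordinary end host, we are done
        return (lan_ip, lan_port), trail
    trail.append(f"{router.name}: nothing answers at {lan_ip}, black hole")
    return None, trail


def build(verizon_wan_ip):
    """The thread's topology with the Verizon router at a chosen 10.0.0.x address."""
    verizon = Router("Verizon", verizon_wan_ip, {"192.168.1.50"},   # PC address assumed
                     forwards={3389: ("192.168.1.50", 3389)})
    xfinity = Router("Xfinity", "203.0.113.10", {verizon_wan_ip},   # public IP constructed
                     forwards={3389: ("10.0.0.120", 3389)},        # the stuck "Reserved IP"
                     lan_routers={verizon_wan_ip: verizon})
    return xfinity


if __name__ == "__main__":
    for ip in ("10.0.0.41", "10.0.0.120"):    # before / after the poster's static-IP change
        target, trail = resolve(build(ip), 3389)
        print(f"Verizon at {ip}: reaches {target}\n  " + "\n  ".join(trail))
```

Moving the Verizon router to 10.0.0.120, as the poster later did, makes the chain resolve; a local RDP client on the 10.0.0.x side never traverses the Xfinity rule at all, which is why it worked from inside but not from outside.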

Visitor

@flatlander3​ 

Thank you for the quick response. In response to a few of your statements:

"Your Xfinity gateway is not in bridge mode if you are getting a 10.0.0.x address on your Verizon router.  Your gateway is still running a dhcp server."

 - Yes, you are correct. I just used the wrong terminology in my initial response. My Xfinity router and everything else directly connected to it is on the 10.x.x.x network.

 - This includes my Verizon router however my Verizon router is pushing the 192.168.x.x network to anything connected directly to that (currently only my home PC).

"With a double nat, you'd have to create a port forward on the Xfinity gateway to point to your other Ethernet router, then another rule on the Ethernet router to point to your PC. "

 - This is essentially what I am "trying" to accomplish, but even with the proper forwarding rules in place on both devices I am still running into the same issues I was having from when I didn't even have the Verizon router in place.

 - It appears the forwarding rules are just not pushing correctly.

If the device I am trying to RDP FROM is on the same network (the 10.x.x.x) I can successfully RDP by two methods.  

 - I can connect via IP of 10.0.0.41 (technically now .120 since I successfully changed the verizon IP to that), then that just forwards the RDP port to my PC as configured on that device

 - I can also connect via the IP address of my actual PC (192.x.x.x), which also connects directly from the Verizon device.

To my understanding this configuration (from the local network) is essentially just bypassing any rules set on the Xfinity router, as the request is going directly to the Verizon router ("switch", as I guess it's technically configured as now).

The only reason I introduced the Verizon router back into the picture was the completely separate issue of even with a direct wired connection from PC to Xfinity router, I was getting a "network cable unplugged" problem.  For some reason Xfinity did not like the connection to my PC even if directly wired (Verizon device had 0 issues with this).  

What I did since my last post was assign the Verizon device a static IP of .120 as the forwarding rules stated it would use.  I can confirm the Verizon device is now using 10.0.0.120 from both the Xfinity router app and local interface (10.0.0.1), as well as Verizon interface (which BTW can now be accessed by both 192.168.1.1 and 10.0.0.120).

I suppose this issue is back to where you stated it's a common problem with Xfinity not really accepting any port forwarding rules (and other advanced features).    

 - I am trying my best NOT to reset the Xfinity device to factory settings as there are too many devices connected at the moment. I suppose all that would really be needed is to just make sure I set the SSID and wifi password back to what it currently is, and all "should" reconnect, right? There are no other custom rules set besides what I am "trying" to set up for RDP.

And also, I do completely understand the security issues with RDP. I only use it (enable it) during short periods of time when needed. It's usually disabled when not needed. If I can actually get it working correctly I may even consider changing the RDP listening port on my PC to some random port just so it's not so obviously "open".

 - Another reason for this post is that just for sake of argument this "should" be working and it bothers me until I can get it successfully working, security issues or not.

Let me know any additional thoughts.

Thanks

Problem Solver

2 years ago

Well that was odd.  Looks like the bot ate my last post so I'll try it again.  Perhaps you'll get the same answer twice.  Perhaps I said a bad word and it's just blocked.

First, you've got two battling DHCP servers active on different subnets without VLAN routing capability. This is going to cause all kinds of issues like ARP storms, network config issues, and state table problems. It's not helpful. It's likely to cause future issues. Ditch the Verizon. Set the laptop to DHCP and reboot it to clear out the ARP and state tables.

The Ethernet problem is either going to be a bad gateway port, crossover cable auto-MDIX swapping pairs constantly, or auto-speed bouncing constantly. You could verify that with an oscilloscope, but it's likely just a marginal cable. If that doesn't work, try a different port on the gateway. It's less likely it's the laptop. I've seen very few fail. The gateway might have flaky magnetics, cost-reduced parts that don't work, or a bad layout. My guess is Xfinity/Technicolor isn't spending money on parts in the first place (or hardware engineering, or QA, or product management, or obviously documentation......).

For your port forward error, there's some debate if you can set a port forward rule for a computer/device with a static IP address.  I don't think you can anymore.  You have to be able to see the device in the app, and they're trying to enforce some kind of speed tier and number of devices thing, so it's probably part of their undocumented 'marketing crippleware'.  I don't think there's DHCP reservation either now these days, but perhaps the port forward rule sort of does that.  You are paying $14/month to rent a configuration problem, buggy hardware, and a buggy app to run it with questionable security and crippled functionality.

Start out by clearing out anything you did with the app with port forwards and bridge mode (if you did that).  Wait a few minutes, then reboot the gateway.  Perhaps unplugging it, then letting it discharge for 30 seconds is a good idea too so it wipes out the volatile memory.  You are trying to do a clean state on buggy equipment. 

There must be a 'window of time' where the backend database is supposed to update the gateway config "somehow, by some means".  Maybe that only happens during boot, and sometimes doesn't work.  Xfinity isn't saying.  Perhaps you have to try it a few times in a row to actually get it to stick, and maybe there's a race condition with link up, then configuration load from server that doesn't work well.  If you got your Ethernet issue fixed, try to create the port forward again.  Wait a few minutes, then do the reboot/powercycle discharge thing again. 

If that still doesn't cut it, then you might have to factory default the gateway to get it back to a clean state.  If you can do that from the app, great.  Perhaps you can wipe out a munged backend server database at the same time that way, but I'm not seeing that as an option.  I'd look for it though.  Factory default is either holding the WPS button for 20-25 seconds, or some hardware versions  had a little button (toothpick hole).  I'd still do the power discharge thing again.

Then, after you set up your wifi again, try to see if you can create a rule again.  Then do the reboot thing again.  You are looking for a workaround to the "port forwarding not working" issue everyone else is posting about.

Could also be real helpful to others if you write down the steps you take on each attempt, and if you get it working, post the procedure that works -- If you get it working.  Or, you could just get a 3rd party approved gateway at wallyworld and be done with it.

WireGuard or OpenVPN will run on a Windows box -- the same box you want RDP on. Run it on just about any port you want. Why that is 'better' is that to communicate with either server, you either have to have the key (WireGuard) or with OpenVPN you need the HMAC key to even start a conversation; otherwise, the port appears to be 'filtered' to a port scan and a poor target to waste time on. Then you don't have to worry about blowing holes in your firewall so much.

It's just a better approach than "I'll only do it for a little while". Getting pwnd can take less than a second, and can happen with zero user interaction.

Oh, and I'll add good luck and cheers!! You are now the entire Xfinity QA department!!

(edited)

Visitor

2 years ago

Well not really resolved, but gave up on it again for now.  

Had some new odd behavior. Logged in to my PC this morning and boom, no internet.  The only change was setting the static IP on the Verizon router.  It worked for HOURS yesterday after this change but something overnight now stopped it.  Perhaps it does take some time for some back end server to actually officially push the change to the Xfinity router (not buying that though as the settings "should" be directly on the router itself not some back end Xfinity server).  

As I had only minutes to log in to work, I tried excluding the Verizon router from the picture again and connected my PC directly to the Xfinity router again.  

They decided to start playing nice again, as the wired connection was accepted this time and I had internet again. I guarantee in a day or two I'll randomly get the same "network cable unplugged" error but with no changes.

I removed all port forwarding rules and am just sticking with a standard setup for the time being.

On a side note, once I connected my PC directly back to the Xfinity router, the device was detected as "Wireless_Broadband_Router" instead of [PC name]. This was the same that the Verizon router was detected as.  It did give it a new DHCP IP .121.

 - Weird behavior but basically giving up on this as at least I have internet back (when theoretically it shouldn't have dropped in the first place)

Thanks for all advice so far though

Problem Solver

Thank you for your feedback, we would like to thank @flatlander3 for assisting the community on this matter.

@user_jb1718 if you require additional help please feel free to reach back out to us.

I no longer work for Comcast.

Problem Solver

2 years ago

OK, well at least do yourself a couple of favors if it's possible.  On the Verizon, see if there's a setting to disable routing or disable the DHCP server on it.  If you are going to try to use it as an unmanaged switch, try to make it an unmanaged switch, and seriously, try a different Ethernet cable.

I'm always surprised when I see millions of dollars worth of server equipment all connected with the cheapest cables you can buy from a bulk reseller.....

(edited)
