The Cisco DPC3939B is a DOCSIS 3.0 device offered by Comcast for business internet. A typical business with more than 5 users will have a firewall/router in place behind the modem to protect the LAN. To pass the WAN IP through to your firewall/router, the modem offers "bridging mode". This essentially turns the modem into a dumb device so your firewall can work as intended, without having to NAT twice: once through the modem and once through the firewall. The DPC3939B bridges just fine, but I was taken aback by a default (factory reset) setting hidden in the admin panel that blocks ALL ports, so no more public servers!
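Go to Advanced -> Port Management and check "Disable all rules and allow all inbound traffic through", and for good measure select "Open all ports but block exceptions below". With these set, the modem no longer filters inbound traffic, so the firewall/router behind it is what decides which ports are reachable.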
Now your public NATed services should be working again, joyous day!