As a fellow relay operator I think it might be helpful for me to add some clarification to what you saw.
“Comcast” the ISP didn’t block or interfere with traffic to/from the relay IP. (Thanks Jason for the clarification.)
An average “Comcast user” (with ISP-provided modem and the “advanced security” on by default) will by default block incoming connections from relay IPs. Thus, when the said user opens a port forwarding from their public IP, you can’t proactively connect to that IP:port from your relay’s IP.
“Advanced security” will not block return traffic for outgoing connections from the user. That is, when this user connects to a relay IP (e.g., opens a Tor browser), it works just fine.
The blocking is done at the modem box, and anyone expecting incoming connections from the wider internet should obviously turn off “advanced security” on their box. I can understand the motivation for the default – when most people set up port forwarding, they probably only want incoming connections from friends or their own phone, not the entire internet.
I do not use Comcast personally so this is only based on anecdotes I heard and the thread so far; please take it with a grain of salt. Hope it helps. I’m also happy to help you and your lightning node friend privately.