pptp is more than just a TCP protocol on those 2 ports, it is a completely separate protocol called GRE and it is very difficult to translate. There is special software code in any address translator to handle it. If your using the translator in the cable modem then the simple answer is that the software programmer didn't include code in there that would allow you to close all ports except for those 2. If this is a business connection then get a static IP and use a Linksys or other router as your translator and if this is a residential connection then try a different brand of cable modem.
The SMC does support pptp. You have to also port forward GRE. Don't put any ports in the boxes for this rule, just go to protocol and select gre and you internal ip.
The GRE protocol does not use "ports" that's a TCP thing not a GRE thing. You might be able to do a protocol forward with GRE but not a port forward.
I set it up all the time on the SMC. You set it up under port forwarding. Just select GRE under the protocal drop down menu. The port boxes will go blank and then put the device IP in.
Just becasue Comcast calls things by their wrong name because they don't want to educate people does not make GRE a TCP protocol. You won't get much knowledge if your networking education is all from menu screens on devices. ;-)
GRE is a protocol and your doing a protocol forward there not a port forward.
I did not say that GRE was a TCP protocal. I said it is setup under port forwarding in the SMC. Since the only place on the SMC to forward GRE is under port forwarding, why would I risk confusing the answer with a detailed explanation of how it works and why. I try to not overcomplicate technical issues with detailed explanations unless they are necessary in fixing the issue, or it is requested. I'm sorry you took my answer as a personal attack, it was only meant to get my point across.