
Firewall behind a firewall?


After living with dial-up ever since Al Gore invented the internet, I FINALLY got broadband, through a WISP. I bought a Linksys E3000 and it works fine on my combined wired / wireless home LAN. All computers are Windows XP SP2. I had some questions that I would really love to have answered concerning network security. I have file and printer sharing turned on. When I ran the port scan service from GRC.com, it showed ports 21, 22, 23, and 80 as open. This concerned me, so I called my WISP and he assured me my system is safe. He said he needs certain ports open to service his equipment. He also said the equipment he installed (the antenna unit) has a built-in firewall. The E3000 has a firewall. Windows XP has a software firewall. So why do these ports show open? Should I be concerned?

My other questions are, where exactly does the internet connection IP come from? Is there a way to ping the individual computers' IP addresses that are on my LAN from outside the LAN? Is there a way to test or confirm the security of my LAN from internet threats? I have the E3000 configured to NOT return a ping, so why am I able to ping the internet connection IP?

Thanks for any help.

Reply to iliya1

Your open ports are commonly used for:

21: FTP
22: SSH
23: telnet
80: HTTP

If you know your WAN address, you can always try accessing those ports from outside your network. Go into your browser and put in:

http://<WAN IP ADDRESS>/

and see if anything is actually listening on port 80. You can also open a command prompt on a remote computer and type in:

telnet <WAN_IP_ADDRESS>

and see if anything is listening on port 23. Try similar stuff with the other ports. I'm not sure why port 20 isn't open as that is also needed for FTP.

Reply to Hawkeye22

Hawkeye22 wrote :

I'm not sure why port 20 isn't open as that is also needed for FTP.



So they HAVE to be open? I'm confused because when I do the same thing with my work LAN, which is Comcast with a Motorola cable modem/router, *ALL* ports show "stealth." Why is that?

I forgot to mention. I did what you suggested and was unable to connect by typing my WAN IP into my browser. From the command prompt, I got: "could not open connection on port 23, connect failed."


Message edited by iliya1 on 01-19-2012 at 08:55:35 PM
Reply to iliya1

No, they don't have to be open unless your WISP requires it to be. I just said they are open because you said GRC.com reported them open. The suggestions I listed earlier were just to see if there are any actual applications listening on those ports, which according to your test there doesn't appear to be any.

At work, they are showing up as stealth because the firewall you have at work is blocking or dropping data packets to those ports.

I can possibly see your WISP requiring port 22 (SSH) open. I don't see why he needs the other ports open, especially since it doesn't appear he has any software listening on those ports. Since there is nothing listening on those ports, I don't think it's a cause for concern. If you feel strongly about it, you can always go into your router and block those ports.

Reply to Hawkeye22
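
Added example, not part of the original thread: a Python sketch of the manual check described above (browser on port 80, telnet on port 23), extended to all four ports GRC.com reported and to the open / closed / "stealth" distinction. The function names and the `unreachable` label are assumptions of this example; the WAN address is supplied by you on the command line.

```python
import socket
import sys

# Ports GRC.com reported as open in the thread, with their usual services.
REPORTED_PORTS = {21: "FTP", 22: "SSH", 23: "telnet", 80: "HTTP"}


def probe(host, port, timeout=3.0):
    """Classify one TCP port by attempting a full connection.

    open        - handshake completed, something is listening
    closed      - connection refused (RST): host reachable, nothing listening
    stealth     - no reply before the timeout: packets silently dropped
    unreachable - some other network error (no route, ICMP unreachable)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError:
        return "unreachable"
    finally:
        s.close()


def check_reported_ports(host, ports=REPORTED_PORTS, timeout=3.0):
    """Probe each port and return {port: (service, state)}."""
    return {p: (name, probe(host, p, timeout)) for p, name in ports.items()}


if __name__ == "__main__":
    # Usage: python portcheck.py <your own WAN IP>
    if len(sys.argv) != 2:
        sys.exit("usage: portcheck.py <WAN_IP_ADDRESS>")
    for port, (service, state) in check_reported_ports(sys.argv[1]).items():
        print(f"{port:>5} {service:<7} {state}")
```

Run it from a computer outside your own network, as with the telnet test; from inside the LAN the router may answer on its LAN side and give a misleading result.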

Hawkeye22 wrote :

If you feel strongly about it, you can always go into your router and block those ports.




I'm at work now so I can't do anything until I get home. I assumed my firewall would block ALL ports, otherwise, what's the point?

Reply to iliya1

If the firewall blocked all ports, how would you get your email or view web pages or share files and printers, or play online games? Some ports must be open; the direction, inbound or outbound, is another thing.

Reply to Hawkeye22

Hawkeye22 wrote :

If the firewall blocked all ports, how would you get your email or view web pages or share files and printers, or play online games? Some ports must be open; the direction, inbound or outbound, is another thing.



Sorry, I assumed you would know what I meant, which was the firewall should close all ports to all inbound packets that were not initiated by my end, which according to the port scan done by GRC, is NOT the case.

Reply to iliya1

Depending on the firewall, some default ports are left open, especially if there is a common program that uses that port. Your WISP may have also configured it that way for a reason. Anyhow, you can always go into the router and close those ports.

Reply to Hawkeye22

Hawkeye22 wrote :

Depending on the firewall, some default ports are left open, especially if there is a common program that uses that port. Your WISP may have also configured it that way for a reason. Anyhow, you can always go into the router and close those ports.



I don't understand. If my firewall is working, how can my WISP open and close the ports to my computer?

Reply to iliya1

iliya1 wrote :

When I ran the port scan service from GRC.com, it showed ports 21, 22, 23, and 80 as open. This concerned me, so I called my WISP and he assured me my system is safe. He said he needs certain ports open to service his equipment. He also said the equipment he installed (the antenna unit) has a built-in firewall.



If they set up your router/antenna they can change the remote admin user name and password. That is all you need to configure the router. You even said he left certain ports open to service his equipment.

Reply to Hawkeye22