I don't really understand what you are trying to accomplish. A scan from the internet will scan your router. You can scan your computer from another computer on the lan using nmap.
I have a Linksys NAT router connected to a cable modem. It has a gateway mode and a router mode. I am using gateway mode.
Routers tend to respond to the ident port.
hpmedia:~ # grep ident /etc/services
ident 113/tcp #
# identify "authentication domains"
Some older ftp sites will take 2 minutes and timeout without the ident port, but this is rare, and you usually have an option to close it. From your grc response, the routers ident port isn't open.
For the ports you use on the computer itself, make sure to secure services properly. Such as if you use ssh, disable root logins. Use an "AllowUsers" entry. Some people also disable password logins and change the port from port 22 to a higher port number to discourage script kiddie brute force attacts. This won't be an item if you don't forward port 22 in the router.
In my software firewall (guardog) I have DNS http https only.
Are you running apache2 and a dns server?
If you have two network interfaces on your hosts, you can have an internet access zone and a less secure LAN zone. This would allow you to open up ports that samba uses without as much worry. Although the NAT router will provide protection, what happens after a power spike or if the router has an unknown vulnerability.
Be sure you disable uPNP on the router, if it exists. It is an evil Microsoft invention that allows ports on the router to be opened up automatically. Installing the wrong software on any of your computers could open up a port in the router without your knowing it.