You need to be more clear about your setup then. How is your OpenWrt router connected to the "ISP modem"? If it's connected to it through DHCP, then the OpenWrt's WAN is only facing that "modem". It's your "modem" that's facing the internet, which is then actually a router itself and doing the filtering/blocking you witness.
Ok , lets get this straight .
I have my isp modem witch provides internet to openwrt router , openwrt have a static ip address from isp modem because i have in my isp modem dhcp disabled .
Since my isp modem have 4 lan ports , i have the openwrt router connected to one port (witch is my wireless network) , and i have my firewall also connected to my isp modem witch protects my internal cable network .
2 ports left right .
my linux connects to one of those left ports and i scan the ip that openwrt have assigned as static from isp modem , witch is 192.168.blá blá , so , when i scan that specific ip address from lan to lan , my isp modem have nothing to do with it because i am not scanning the modem itself , it is like i am doing a scanning to a computer over the network .
Now , i can do another scan on openwrt wan port from isp modem , just to check again .
I can put here the nmap command to you check out your routers in your network , because my nmap does not only scan ports as also inject some scripts to test specific ports for vulnerabilities .
What is bothers me most is that those ports are dangerous ports , specially the remote administrator port , because it is filtered it does not mean that that port can not be opened with the appropriate tool .
just look at these ports :
4005 pxc-pin
4899 radmin
6566 sane-port
55555 unknow
is this for real or what !!!!
i will check it out with another scan and i will post the results again .
Note : take out of your mind the idea that this is an isp port opened , because i am scanning a router from internal lan and not a modem from outside from the net .