Confused! Steve.
FTP and Telnet are _not_ running on your box. I would assume that they're running on the router, and are probably filtered to allow only internal addresses and to drop anything from outside. Looks like you've got the standard local-only Postfix install, a web server, MySQL (you did remember to set the root password, right? :-), and RPC services. Totally vanilla, in other words.
It's a 10.0 install right from the box. Is that what vanilla means? Yes, there's a root password for mysql too.
It's also possible that your ISP has a DROP rule in place for incoming connections to those ports. Many do DROP connections in to certain ports (port 25 and port 80 being the two that are most commonly filtered). If an upstream firewall/ACL is preventing access to those ports and dropping the packets, they would appear in the list designated the same way.
If you've got access to an external box that allows you to portscan, you can probably do a telnet out, right?
Yes it lets me.
Try telneting to yourself, and see what the greeting line turns up...if it's a standard telnet server, it'll probably identify itself.
I get 'connection refused'. that's from my internal box though. Bottom line, do you think this is safe? Cheers and thank you for your excellently clear explantions. Steve.