If, as appears to be the case, your 'Internet Router' is the Rogers Hitron CGN3 Router, then it is the first point of contact between your internal network and the Internet, and it is therefore the device that almost certainly has these two ports open.
As I am guessing this router was supplied to you by your Internet Service Provider, it will almost certainly have been pre-configured by them and in particular will have been configured by them to allow them to remotely access and manage your router. These two ports have probably been left open in the router to allow them to access it for remote management, and without them being open they would not be able to do this.
Having said the above, with more sophisticated firewalls/routers you can also configure them to operate in a 'stealth' mode, which means a probe like that done by ShieldsUp cannot tell if the port is open but it can still be accessed by the intended person. We use a hardware firewall in addition to both a hardware router and the Mac software firewall for our office, and this hardware firewall has been configured to operate in stealth mode; as a result ShieldsUp cannot tell if we have any open ports. (We do, as we run our own public servers.)
To verify that these ports are your router rather than a Mac you would, as suggested by tygb, have to run Network Utility on a Mac on your internal network and do a port scan of each Mac on your network. You could tell it to just scan port 22 and then do just port 443, as this will be quicker than trying to scan, say, 1 to 443 inclusive. If none of your Macs have these ports open then obviously it cannot be them being detected. Similarly, if you do the test from outside your network when no computers are plugged in or turned on and the test still shows these ports open, it must be the router itself.
Note: There are other more sophisticated network scanning tools and you can also 'hire' a consultant to do a proper 'penetration test' of your network.
If someone on the Internet can tell a port is open then it tells them there is something there listening to that port and they could use that to target an attack. They can also run other tests to even identify the type of device and version of operating system and from that try using known vulnerabilities to increase their chances of a successful attack.
See https://nmap.org/
It should also be borne in mind that consumer, i.e. home-level, routers often have a feature called UPnP turned on to automate opening ports based on the software you are running on the computers on your internal network. This could then show as open ports. See http://www.howtogeek.com/122487/htg-explains-is-upnp-a-security-risk/
Note: UPnP is not always a bad thing, in fact some Apple services use it themselves e.g. Apple's 'Back to my Mac'. See Set up and use Back to My Mac - Apple Support
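
Added example, not part of the original post: a small Python script for the internal check described above, which tries ports 22 and 443 on each of your own machines from inside the network and lists the ones that accept a connection. The function names and the loopback default are assumptions of this example; pass your own machines' addresses as arguments.

```python
import socket
import sys

PORTS = (22, 443)  # the two ports the external probe reported as open


def port_state(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port (full connect)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # something accepted the connection
    except ConnectionRefusedError:
        return "closed"      # host replied, but nothing is listening
    except OSError:
        return "filtered"    # no reply at all (packet dropped or host down)
    finally:
        s.close()


def scan_hosts(hosts, ports=PORTS, timeout=1.0):
    """Map each host to {port: state} for the given ports."""
    return {h: {p: port_state(h, p, timeout) for p in ports} for h in hosts}


def hosts_listening(results, port):
    """Hosts on which `port` accepted a connection, sorted."""
    return sorted(h for h, states in results.items()
                  if states.get(port) == "open")


if __name__ == "__main__":
    # Addresses of your own machines; defaults to this machine only.
    hosts = sys.argv[1:] or ["127.0.0.1"]
    results = scan_hosts(hosts)
    for host, states in results.items():
        print(host, states)
    for port in PORTS:
        found = hosts_listening(results, port)
        if found:
            print(f"port {port}: open on {', '.join(found)}")
        else:
            # Same conclusion as in the post: none of these hosts can be
            # what the external test detected on this port.
            print(f"port {port}: not open on any scanned host")
```

If both ports come back "not open on any scanned host" for every Mac, the open ports seen from outside cannot be coming from those machines.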