In general, you should not have any open ports on the front of your router/firewall unless you're hosting a service (e.g. a Web site) on your local network that requires public access. Most small/home office routers come with a default policy that is configured to allow any outbound traffic and deny all inbound traffic. This is the desired policy, and I'd strongly recommend that you stick with it.
You mentioned a future requirement for remote desktop connections. If you do expose a remote management port, you should ensure that it's using a strongly encrypted connection or is tunneled through a virtual private network (VPN). If at all possible, you should also limit access to specific IP addresses, ones from which you expect inbound connections.
This was first published in September 2006