First, before understanding why and how to forward ports, it is important to understand what an Internet IP is vs. NAT (Local) IP .
Think of NAT as a phone extension. Your office phone may only have one phone number, but many phones that have extensions. The default phone, your receptionist, answers general requests, and this is what your Router does.
Now, it is important to understand what ports are. We are not talking about physical ports that you will find on the back of your computer. What we are talking about are virtual ports that exist as part of the TCP/IP and UDP protocols.
There are 65536 ports ranging from 0-65535.
The most commonly used ports are the lower numbered ports.
I'll use Windows Remote Desktop Connection as an example (also known as Terminal Services).
The service, Terminal Services, listens (by default) on port 3389. When you open the Remote Desktop Client (run command "mstsc) and type in an IP, by default, the client will attempt to connect to that IP on port 3389.
When you put in an Internet IP, unless your computer is connected directly to a cable modem without NAT, this should all work just fine and dandy.
When you are behind a router or a modem that IS using NAT, you need to forward the port to the local IP address.
The reason for this is, the router will receive the connection, but obviously the router itself isn't equipped to handle that request. The router needs to know which machine on your Local Area Network (or LAN )to send the request to, this is why port forwarding is necessary.
Obviously to some, not to others, the router can only forward this request to one PC at a time. So, if you are running more than one machine, you will need to change the default port and forward it as necessary, or simply use a VPN.
If you do not know how to do the actual port forwarding configuration with your router, I find that there are usually instructions on the manufacturer's website with pictures and everything .