NAT Routers Part 1: Client Firewalls
Segment 4: Discarding Unknown Packets
Your NAT router cannot know anything about any of the processes within your PC without help. Accordingly, if some hostile hacker out on the Internet sends you an evil packet intended to exploit some process (like TCP process 80) inside your PC, he may think he's reaching your PC, probing it for its processes, but he will actually be communicating only with your NAT router, and your router won't know how to respond for that target process. It's not running that process, and doesn't know anything about any of the processes running in your PC unless it receives help from you. Accordingly, it will simply ignore and discard that packet.
This is a Good Thing when the packet comes from an evil hacker, but your NAT router will ignore and discard all packets coming from the Internet for your PC unless you tell it about processes inside your PC that are expecting messages.