|I agree with Stuart. To put it in an easier to undertand context I would explain it like this:|
When a user behind a firewall clicks a link on a web page, that request first goes to the router. The request is then forwarded from the router to the web server, so the web server sees the request coming from the router. When the response from the web server comes back, the router knows which computer sent the original request and sends it back to that client computer.
However, port forwarding revolves around when a call comes in from the internet that was not requested from a client computer. If the request comes in on a port that is set in the port forwarding rules, then it will be forwarded on to the appropriate client. Otherwise, the router has no idea where to send the traffic and it will be dropped (unless there is a device int he DMZ).
So, without port forwarding enabled it is very difficult, if not impossible, for someone send traffic to a PC behnd the router without first hacking into the router.