The problem comes if you (or your father, or your microwave oven) want to host a game.
For some other player to join the game you are hosting, they need your public IP address.
Unfortunately, that address is the one of your router -- not of your computer.
Your router doesn't know what it means when someone tries to connect to "your game."
There are two solutions:
1) Use port forwarding, and make the way to configure hosted games aware of the user doing port forwarding. This requires network knowledge and administration for each user who wants to host a game, making hosting "hard."
2) Use NAT punch-through, using an external third-party server to "see" what your external IP address is, and "see" which port the router happened to pick for your connection, and let the other player know about what it sees.
Option 2) is generally automatic with most good-quality routers/firewalls, unless they are locked down in "super paranoid" mode, in which case you can forget about hosting anything.
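The exchange in option 2), as an added example that is not part of the original post: a third-party UDP server records the source address each packet arrives from and tells each player the other's address. It runs on loopback, so no router is actually involved, and the names `rendezvous`, `peer` and `demo` are hypothetical.

```python
import socket
import threading

def rendezvous(sock):
    """Third-party server: tell each of two clients the address it saw for the other."""
    seen = []
    while len(seen) < 2:
        _, addr = sock.recvfrom(64)   # addr is the (ip, port) the packet arrived from,
        if addr not in seen:          # i.e. the router's public mapping when behind NAT
            seen.append(addr)
    for me, other in ((seen[0], seen[1]), (seen[1], seen[0])):
        sock.sendto(f"{other[0]}:{other[1]}".encode(), me)

def peer(server_addr, name, results):
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(2.0)
    s.bind(("127.0.0.1", 0))          # constructed setup: loopback, OS-chosen port
    s.sendto(b"register", server_addr)
    other = hello = None
    while other is None or hello is None:
        data, src = s.recvfrom(64)
        if src == server_addr:        # server's answer: where the other player is
            host, port = data.decode().rsplit(":", 1)
            other = (host, int(port))
            # Same socket as the registration, so a router would reuse its mapping.
            s.sendto(b"hello from " + name, other)
        else:                         # direct packet from the other player
            hello = (data, src)
    results[name] = {"msg": hello[0], "src": hello[1],
                     "peer": other, "local": s.getsockname()}
    s.close()

def demo():
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.settimeout(2.0)
    srv.bind(("127.0.0.1", 0))
    results = {}
    threads = [threading.Thread(target=rendezvous, args=(srv,))]
    threads += [threading.Thread(target=peer, args=(srv.getsockname(), n, results))
                for n in (b"host", b"joiner")]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    srv.close()
    return results

if __name__ == "__main__":
    for name, r in demo().items():
        print(name.decode(), "at", r["local"], "got", r["msg"], "from", r["src"])
```

Behind real routers the first direct packets can be dropped until both sides have sent one, so implementations repeat the hello, and they should accept game traffic only from the address the server reported.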
Thanks for such a great explanation.