I've got difficulties in understanding NAT, NAPT, and port forwarding. I got what NAT does. But when I try to describe port forwarding, NAT's concept becomes too vague. I found NAPT and there is only a vague assumption that port forwarding is related to this.
Is port forwarding related to NAPT? If not, what is the difference?
NAPT stands for Network Address Port Translation and it specifically is in reference to be able to have many private IP addresses (ie - inside your building) all able to share a single public IP address (that would be assigned to your router from your ISP).
Think of it like this ... your public IP Address which is visible to the entire Internet exists on the ethernet port that you have connected to your Internet service.
Then, the other ports on your router / firewall / WiFi are all on a different network entirely - that's called your PRIVATE network.
In order to get all of those IP addresses on the inside private network to be able to have autonomous access to the Internet, your router/firewall does what we traditionally call NATting - Network Address Translation. So lets say that you and three other people access the same web site from inside your house... your firewall will see those requests to access that web site on your three different private IP addresses and it will assign to that browsing session, a unique session ID to that datastream and it will then go out and contact that web server but that unique session id rides with that datastream so that when packets come back from the web site the router knows which private IP address to send them to ... it acts as a facilitator for the internet packets going to and from the private IP addresses inside your building.
And a private IP address can be assigned to computers, tablets, cell phones, printers etc. etc.
PORT ADDRESS TRANSLATION is the exact same thing, only in reverse.
You do NOT want anyone on the Internet to be able to access any of the devices on your private network, so by default, your router/fireall denys any requests coming from somewhere on the internet that might be trying to access your public IP address.
But there are times when you have something running on one of your private IP devices ... like a gaming console, or maybe a remote desktop session that you need someone to access from the Internet ... what we typically do, is go into the routers configuration settings, and we create a PAT rule that says, "Allow any attempts to access my public IP address ON this specific port number and send those requests back to this specific private IP address." - in a nut shell.
NATting is when traffic is generated from the inside of your private network and it is going out to the Internet where PATting is for traffic coming FROM the Internet into your private network.
Hope that help clarify things a little ...
Edit: I should point out, that these days, when a device or some software running on your computer needs to allow traffic from the Internet to reach it, there is a feature in most home routers called UPNP (Universal Plug And Play) that, when enabled, devices like XBOX and other software can create - on the fly and without you having to give it any thought at all - PAT rules inside your firewall. UPNP was created because most home users don't remotely understand how network traffic works so trying to teach the non-tech person how to create PAT rules was becoming an issue, so UPnP was invented... it has its issues, but for the most part it's fairly reliable and nothing to worry about.