Right. Packets still have to go through your router, assuming that your router has firewall turned on, it goes like this:
Your router receives a packet.
It checks whether the packet is “expected” (a “related” packet) - by using connection tracking.
For example, if ComputerA had sent something to ServerX before, and now the packet received by router says “from ServerX to ComputerA”, then the packet is let through - surely, this packet is just a reply to ComputerA’s previous requests.
If step 2 fails - we know this is a new incoming packet. Possibly it comes from an attacker, which we don’t want. And so the router checks whether there is a rule that allows such a packet to go through (the assumption is that since you are explicitly allowing it, you know how to secure yourself.)
If I have setup a firewall rule that says “allow packets if their destination is ComputerB, TCP port 25565”, and the received packet matches this description, the router lets it through.
Finally, the packets that the router accepts from the previous steps are forwarded to the relevant LAN hosts.
Right. Packets still have to go through your router, assuming that your router has firewall turned on, it goes like this:
Your router receives a packet.
It checks whether the packet is “expected” (a “related” packet) - by using connection tracking.
For example, if ComputerA had sent something to ServerX before, and now the packet received by router says “from ServerX to ComputerA”, then the packet is let through - surely, this packet is just a reply to ComputerA’s previous requests.
If step 2 fails - we know this is a new incoming packet. Possibly it comes from an attacker, which we don’t want. And so the router checks whether there is a rule that allows such a packet to go through (the assumption is that since you are explicitly allowing it, you know how to secure yourself.)
If I have setup a firewall rule that says “allow packets if their destination is ComputerB, TCP port 25565”, and the received packet matches this description, the router lets it through.
Finally, the packets that the router accepts from the previous steps are forwarded to the relevant LAN hosts.