The best visual metaphor I have come up with is that of a operator on a old fashion switch board.
The switch board is your router's NAT routing table, with inbound and outbound calls being like calls inbound/outbound requests for connections. Your public IP is the phone number for that board, with the different extensions being the different TCP/UDP ports. If someone calls from inside the office asking for "Bob Smith", the operator has to check her public directory (DNS) for their phone number(IP) and route it accordingly. However, if someone calls from outside the office asking for "Fred", the operator needs to know what line or exstention Fred is at that office. This would use a separate private directory that would tell the operator which exstention belongs to which person. Making a port forwarding rule is like making a entry in that directory. You are telling the router to route any requests for a certian port to a private IP on the LAN. With camera's, you assign a different port to each one, and route that port to the IP of the camera;
LAN (192.168.1.2 - 192.168.1.99)
Camera 1 (192.168.1.2) Port 8080
Camera 2 (192.168.1.3) Port 8081
Camera 3 (192.168.1.4) Port 8082
You would forward the port (8080) to the IP 192.168.1.2. Someone outside the network would enter 22.214.171.124:8080 into their browser for camera 1, 126.96.36.199:8081 for Camera 2 and so on. Does that make sense? Did you want a more technical answer?
Edited by Trikein, 05 September 2016 - 05:42 PM.