When something outside of your home or office network needs to talk to something inside of the network it uses a port. If you have no firewall/router all ports are open. To allow that traffic in to the correct computer when you do have a firewall, you forward that port to the computer expecting the traffic. This allows the external device to have its request forwarded to the correct internal device.

Your firewall with allow connections out without this, and once established that connection can become two way. That is why it’s not normally needed. Only when the connection is initiated from the external device.

Its worth noting that these ports can be scanned and forwarding the wrong ports can expose your systems to the wild internet and anyone who cares to attempt access.

Edit: added the note