If all you rely on is NAT, and you turn the firewall on your router off, it is possible for outside attackers to send unexpected packets through the NAT device and right to your endpoints.
The targets are limited to the entries contained within the NAT translation tables, but that's still a pretty leaky "firewall".
NAT is just not a firewall; all it does is translate addresses, or in the case of PAT, Ports+Addresses. It does not filter the packets it receives; it just translates them.
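The point above as a small Python model; this is an added example, not part of the original post. It assumes a PAT device that keeps one mapping per inside endpoint and forwards anything addressed to a mapped public port; the class names and the documentation-range addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class TranslateOnlyNat:
    """PAT that only rewrites addresses and ports (assumed model, no filtering)."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}   # public port -> inside (ip, port)
        self.peers = {}   # public port -> remote endpoints the inside host contacted
        self.next_port = 40000

    def outbound(self, pkt):
        for port, inside in self.table.items():
            if inside == pkt.src:
                break                      # reuse the existing mapping
        else:
            port = self.next_port          # allocate a new public port
            self.next_port += 1
            self.table[port] = pkt.src
        self.peers.setdefault(port, set()).add(pkt.dst)
        return Packet((self.public_ip, port), pkt.dst)

    def inbound(self, pkt):
        inside = self.table.get(pkt.dst[1])
        if pkt.dst[0] != self.public_ip or inside is None:
            return None                    # no translation entry, nowhere to send it
        return Packet(pkt.src, inside)     # translated; the sender is never checked

class NatWithStatefulFilter(TranslateOnlyNat):
    """Same translation, plus a filter: only peers contacted from inside may reply."""
    def inbound(self, pkt):
        if pkt.src not in self.peers.get(pkt.dst[1], ()):
            return None                    # unsolicited sender is dropped
        return super().inbound(pkt)

def demo():
    results = {}
    for name, cls in (("nat_only", TranslateOnlyNat), ("nat_plus_filter", NatWithStatefulFilter)):
        gw = cls("203.0.113.1")
        out = gw.outbound(Packet(("192.168.1.10", 51000), ("198.51.100.7", 443)))
        reply = Packet(("198.51.100.7", 443), out.src)       # expected return traffic
        stranger = Packet(("192.0.2.66", 12345), out.src)    # unsolicited, mapped port
        unmapped = Packet(("192.0.2.66", 12345), ("203.0.113.1", 22))  # no table entry
        results[name] = tuple(gw.inbound(p) is not None for p in (reply, stranger, unmapped))
    return results  # (reply, stranger, unmapped) delivered inside?

if __name__ == "__main__": print(demo())
```

In the translate-only case the unsolicited packet to the mapped port reaches the inside host, while the packet to a port with no table entry does not; adding the filter drops both.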