NAT is what makes your router such a good firewall.
Basically it makes all of your Internet requests look as if they originated from the router, hiding your various devices. But more than that, it only allows incoming packets that are responsive to outgoing packets.
Here's how Wikipedia explains it:
[T]he port numbers are changed so that the combination of IP address (within the IP header) and port number (within the Transport Layer header) on the returned packet can be unambiguously mapped to the corresponding private network destination.
In plain English, every time something is sent out from your network, the router keeps a record of it and will only allow incoming traffic that is responsive to that.
This has two benefits. First, the Internet can't see your internal network. All traffic looks like it originated from your router. Second, any non-responsive traffic, e.g. from hackers, is simply disregarded.
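The record-keeping described above can be sketched as a small translation table. This is an added example, not code from the original post: the `Nat` and `Packet` names, the documentation-range addresses, and the strict match on remote address and port are assumptions, and timeouts and protocol types are left out.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Nat:
    """Toy port-translating NAT: one public address shared by private hosts."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # next free public port
        self.out = {}   # (priv ip, priv port, remote ip, remote port) -> public port
        self.back = {}  # (public port, remote ip, remote port) -> (priv ip, priv port)

    def outbound(self, pkt):
        """Rewrite the source to the router and record the flow."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.out[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet readdressed to its private host, or None if dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        owner = self.back.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if owner is None:
            return None  # no matching outbound record: not a reply, so discard
        return Packet(pkt.src_ip, pkt.src_port, owner[0], owner[1])

def demo():
    """Constructed traffic: two devices, one real reply, one unsolicited packet."""
    nat = Nat("203.0.113.5")
    server = ("198.51.100.7", 443)
    laptop = nat.outbound(Packet("192.168.1.10", 51000, *server))
    phone = nat.outbound(Packet("192.168.1.11", 51000, *server))
    reply = nat.inbound(Packet(*server, nat.public_ip, phone.src_port))
    stray = nat.inbound(Packet("198.51.100.99", 4444, nat.public_ip, phone.src_port))
    return laptop, phone, reply, stray

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both devices use the same private port toward the same server, so the router hands out two different public ports; that difference is what lets the reply be mapped back to the phone alone.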
Part II will dig another layer deeper.