Let me give this a try. It'll be a little simplistic but I'll try to keep confusing language out of the description for clarity purposes.
Ports are a result of networking because they're only relevant if you have two or more computers. What really helps in understanding is the question "when I connect to a computer with a web server using Internet Explorer, how does the web server know that I want a web page rather than an FTP directory or to connect to a game that might exist on that computer?" The answer is ports. When a computer wants to connect to a web server and retrieve a web page, it connects to the destination computer on port 80 so that the destination computer knows that the external request is for a web page. If the destination computer had received a request on port 21, then it would know that the request is for FTP software; a request on port 25 is for SMTP (the email protocol). So just to be clear, ports are how one computer knows what the other computer is asking for.
An example is a building with doors numbered from 1 to 65534. Everyone knows what's supposed to be inside the first 1024 (0 - 1023) doors, whether there is something there or not, and the others above 1023 may or may not have something in them depending on what the owner of this building decides to do. Now, when a room has something in it you can tell, because when you knock on it you get a reply, unlike the empty rooms where there is no reply (knocking in this analogy is port scanning, not port knocking). If someone wants to take something from those rooms, they'll knock on the doors to see if they get a reply, and if they do get a reply and it's something they want, then they'll pick the lock, open the door, and try to get what they can out of the room.
Now, if we back away from the analogy for a second, we can discuss what a firewall does in this context. Firewalls work in different ways depending on the implementation, but the general trend is towards a product that hides the entire building. Someone will go to the address and look around but can't see the building with the doors, so they eventually move on, leaving the address alone; at least that's the way it's supposed to happen. Now, when you forward a port, it's the equivalent of making the door visible, but only to somebody who knocks on it. This is important because the more doors people have access to, the more ways they have to try getting into your building (FYI, the building is your network or computer), and once they're in they have greater access to your resources. A firewall ensures that they only have access to the parts of the building you want them to have access to, and only when you want them to have it.
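
The building analogy above, as an added example that is not part of the original post: two stand-in services listen on your own machine's loopback address, and the port number alone decides which one answers, while a door with nothing behind it refuses the connection. The greetings, the `mail.example` name and the helper names are constructed for illustration, and the ports are chosen by the OS rather than being 80 and 25 so the script runs without special privileges.

```python
import socket
import threading

def start_service(greeting: bytes) -> tuple[socket.socket, int]:
    """Listen on a loopback port chosen by the OS and greet every caller."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0 = let the OS pick a free door
    srv.listen()

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:         # listener was closed
                return
            with conn:
                conn.sendall(greeting)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def knock(port: int, host: str = "127.0.0.1", timeout: float = 1.0) -> str:
    """Classify one door: 'open: <greeting>', 'closed', or 'no reply'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return "open: " + s.recv(64).decode(errors="replace").strip()
    except ConnectionRefusedError:
        return "closed"             # the machine answers, but no room is occupied
    except (socket.timeout, TimeoutError):
        return "no reply"           # what a firewall that hides the building looks like

def unused_port() -> int:
    """Return a loopback port that had no listener a moment ago."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo() -> dict[str, str]:
    web, web_port = start_service(b"HTTP/1.0 200 OK\r\n\r\n")      # constructed greeting
    mail, mail_port = start_service(b"220 mail.example ESMTP\r\n")  # constructed greeting
    try:
        return {"web": knock(web_port), "mail": knock(mail_port),
                "empty": knock(unused_port())}
    finally:
        web.close()
        mail.close()

if __name__ == "__main__":
    for room, answer in demo().items():
        print(f"{room:5} -> {answer}")
```

Running `knock` against the ports you expect to be exposed on your own host is a quick way to confirm that only the doors you intended are answering.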