Credit to Allister Jenks for the Instructions for iOS
Airport routers from Apple have a service turned on by default called NAT-PMP (Network Address Translation Port Mapping Protocol). This service allows applications and/or devices inside your network to automatically open ports in your router to make them accessible from the Internet. While this feature does make it easier to set up Internet of Things devices (doorbells, webcams, light bulbs), it makes your network more vulnerable to attack.
The recent (October 2016) Denial of Service attacks on the Domain Name System that pretty much broke the internet for a half a day were due to devices inside peoples’ networks being commandeered to act on behalf of the bad actors. In other words, having NAT-PMP enabled on an Airport router (or UPnP on other manufacturer’s routers) allowed these Internet of Things devices to be recruited into a botnet.
If you want to learn more, please see this Wikipedia article: https://en.wikipedia.org/wiki/NAT_Port_Mapping_Protocol
These instructions show you how to turn NAT-PMP off in an Airport Router using the Airport Utility on iOS. If you want to do it from your Mac, please see this tutorial:
https://www.podfeet.com/blog/tutorials-5/how-to-turn-off-nat-pmp-on-airport-routers/
If you have a Netgear Nighthawk Router, please see this tutorial: https://www.podfeet.com/blog/how-to-turn-off-upnp-on-netgear-nighthawk-routers/