And such port forwards can get complicated when you're doing it for multiple inside machines with a single public IP (typical end user setup). This is way beyond the knowledge and patience of the average user.
Right. My firewall config is about seven or eight pages long. Three or four of those pages are dedicated strictly to NAT translations and configuration; to do the same thing for IPv6 requires half a page.
Yep. I've been doing IT and firewall stuff for long enough to remember when it was common to run public IPv4s on one's corporate LAN. FW configs were waaay simpler in those days. Need some service? Open the port to that host and you're done.
Plus, every host on your LAN could be addressed by the "normal" port on which the service listens. Today, with the lack of IPv4s, it's considered pretty wasteful to not use a bunch of external ports to map to internal boxes on the same pub IPv4. So then the users have to know/type in the port number if it was, say, a bunch of web servers.
IPv6 will be a return to that, with every device having its own unique address. You won't have to "share" a small set of IPv4 publics for 100 different services behind the firewall or on the DMZ (if you're not running publics on the DMZ already; a real DMZ, not the consumer-grade router definition of a DMZ).
This will probably also cause an increase in home users making use of more servers and services at home, since it will be far less complicated. I predict that a lot of consumer devices, TVs, DVRs, etc, etc will start to have web interfaces to monitor and control them, etc, since it will be easy for home users to access them from the internet without doing port forwards or running a VPN client or doing some sort of tunneling.
Another huge benefit of going back to using globally unique addresses on the LAN will be the elimination of overlapping RFC 1918 private address space. This is a real pain when, say, two corporations need to establish a site-to-site VPN between them for some cooperative venture. Or even more of a pain when one company acquires another. In those situations I've had to employ confusing/annoying network NAT solutions temporarily, and ultimately renumber one company's entire corporate network. IPv6 won't have this problem.
And of course it will also allow IPsec to work in transport mode on a host-to-host basis, allowing generic encryption to be used with just about any application or service without the need for per-application implementation of encryption. Probably with very little setup by the admin, if any (it'll probably be an OS install-time configuration).
Probably a bunch of other stuff I can't think of right now, but suffice to say, unique addresses == win. NAT is and always was a kludge to temporarily alleviate IPv4 exhaustion.
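To make the "pages of NAT vs. half a page for IPv6" point concrete, here is an added nftables example (not from any poster in this thread) exposing the same three internal web servers: once behind a single public IPv4 with port rewriting, once with their own IPv6 addresses. Interface names, the 192.168.1.0/24 hosts and the 2001:db8:1::/64 addresses are placeholders.

```nft
# Added example, not from the thread. Addresses and interface names are assumed.

# --- IPv4: one public address, so port 80 can only be used once and the
# --- other servers must be reached on made-up external ports (:8081, :8082, ...)
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "wan0" tcp dport 8081 dnat to 192.168.1.11:80
        iifname "wan0" tcp dport 8082 dnat to 192.168.1.12:80
        iifname "wan0" tcp dport 8083 dnat to 192.168.1.13:80
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "wan0" masquerade   # rewrite LAN sources on the way out
    }
}
table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # only flows that went through the DNAT above are allowed in
        iifname "wan0" oifname "lan0" ct status dnat tcp dport 80 accept
    }
}

# --- IPv6: every host is globally reachable, so there is nothing to translate;
# --- the firewall's only job is deciding who may talk to whom (default drop
# --- still matters: no NAT means no accidental "hidden" hosts)
table ip6 filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # PMTU discovery and error signalling break if these are dropped
        icmpv6 type { packet-too-big, time-exceeded, parameter-problem, echo-request } accept
        # one rule, normal port, no port juggling for users
        iifname "wan0" oifname "lan0" ip6 daddr { 2001:db8:1::11, 2001:db8:1::12, 2001:db8:1::13 } tcp dport 80 accept
    }
}
```

The IPv4 half needs two tables and a per-service external port that users must remember; the IPv6 half is a single stateful forward chain, and it is that default-drop forward policy, not NAT, that keeps unwanted traffic off the LAN.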