Tunneling with OpenSSH

From LQWiki

SSH tunneling means sending network traffic from an incoming port to an outgoing port through an SSH-encrypted connection. It is called a tunnel because it connects two points and, because of the encryption, the traffic content is not visible to observers.

Tunneling Ports with SSH

You can use ssh for port forwarding so that, for example, traffic arriving at port 42 of your computer is forwarded to port 80 of wiki.linuxquestions.org. Additionally, this traffic will be encrypted and compressed. You can use this:

  • if some port, such as 80, is not routed inside your network
  • if you want a lightweight VPN for security reasons
  • if you want to connect to a network service on a non-default port (see below)

As an example, I need to access a server, target, with the rdesktop protocol on port 1807. The only way to do this is to forward port 3389 of my local computer to port 1807 of the remote computer and then rdesktop to localhost. To do the port forwarding, I type

ssh -g root@localhost -L 3389:target:1807

and log in. As soon as I have logged in, I can rdesktop to localhost and get a connection to the target computer.

In other words, the syntax is

ssh -g user@local_machine -L local_port:remote_machine:remote_port

Extras

  • You can have your local system accept outside connections. So anyone on your LAN could connect to your system on port 99 and have tunnelled access to your VNC server (so long as the SSH session is active).
  • You can do the same thing for FTP, HTTP, etc. to get access to home servers without publicly exposing those ports. Theoretically, you can close all ports but 22 (SSH).
  • You can reverse the direction using remote port forwarding: any traffic sent to the SSH server on a given port is forwarded to the local system. Good for picking up SNMP traps from home systems.
  • Port forwarding is only active once you have authenticated, so people can't launch anonymous attacks on your network.
  • SSH can also be tunneled through HTTP proxies by use of programs like corkscrew.
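
Because -g makes the forwarded port reachable by every host that can reach your machine, it is worth checking which ssh listeners are bound beyond loopback. The script below is an added example, not part of the original wiki page; the function names and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find local forwards opened by the ssh client that other
# hosts can reach, which is what `ssh -g -L ...` creates.

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:3389 0.0.0.0:* users:(("ssh",pid=4121,fd=5))
LISTEN 0 128 [::]:3389 [::]:* users:(("ssh",pid=4121,fd=4))
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("ssh",pid=4200,fd=5))
LISTEN 0 128 [::1]:8080 [::]:* users:(("ssh",pid=4200,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
EOF
}

# Reads `ss -H -ltnp` output on stdin and prints "bind_address:port pid"
# for every ssh client listener that is not bound to loopback.
exposed_ssh_forwards() {
    awk '
    # Field 4 is the local address:port, field 6 names the owning process.
    # The pattern matches the client ("ssh") but not the daemon ("sshd").
    $1 == "LISTEN" && $6 ~ /\("ssh",/ {
        addr = $4
        sub(/:[0-9]+$/, "", addr)      # drop the port, keep the bind address
        # Loopback binds are reachable only from this machine: not exposed.
        if (addr ~ /^127\./ || addr == "[::1]") next
        pid = $6
        sub(/.*pid=/, "", pid)
        sub(/,.*/, "", pid)
        print $4, pid
    }'
}

# Demo on the constructed sample: only the port 3389 forward (opened with -g)
# is reported; the loopback-only forward on 8080 and sshd itself are not.
sample_ss_output | exposed_ssh_forwards

# To keep a forward private, drop -g or name the bind address explicitly:
#   ssh -L 127.0.0.1:3389:target:1807 user@host
```

On a live system, run `ss -H -ltnp | exposed_ssh_forwards` as root so that processes owned by other users are listed as well.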
