A typical problem: some work must be done outside the office, but remote services needed are restricted only to office IP address (or some of them are behing VPN). If the service is available under single static port it will be pretty easy to tunnel the connection using SSH.
Tunnel: means you can access the service port as it's available locally. It's not a proxy (however ssh can act as HTTP proxy if configured).
I'll show practical example: Perforce server begind VPN must be accessed outside office. First, configure it using ~/.ssh/config (more elegant solution):
Host dccf User user1 HostName 220.127.116.11 Port 10222 LocalForward 1333 18.104.22.168:1666
22.214.171.124 is a public office IP, 126.96.36.199 is IP of the service (that operates on 1666 port). Then you can connect new alias:
$ ssh dccf -N &
After this operation you can connect the service using local address (localhost) with local port (1333 in this example):
$ export P4PORT=127.0.0.1:1333 $ p4 sync ...
Option "-N" is useful when you want to only forward some ports. Of course you can setup the tunnel from command line as well in one step:
$ ssh dccf -N -L 1333:188.8.131.52:1666 184.108.40.206