SSH Tunnels

On your local machine (your laptop), execute:

ssh -L 8080:intranet_webserver:80 -L 110:mailhost:110 username@ssh_server

This opens an SSH connection to ssh_server and sets up port 8080 on your local machine to be forwarded to port 80 on your intranet web server (and local port 110 to port 110 on mailhost). To access your intranet web server, point your browser to http://localhost:8080

The -L options can be specified multiple times to establish multiple tunnels.

If you are using PuTTY, its UI is a bit confusing, so experiment with it until each entry in the list of forwarded ports has an L in front of the local port.

To access the Windows PC at work with remote desktop:

1. disable remote desktop on home laptop
2. establish a tunnel using IP from step 6 (7777:x.x.x.x:3389)
3. on home laptop, go to Start Menu -> All Programs -> Accessories -> Communication -> Remote Desktop
4. put in localhost:7777

Note that you will have to be root on your laptop for the first example (the ssh command with -L 110:mailhost:110), since you'll be binding to a privileged port (110, the POP port). You should also disable any locally running POP daemon (look in /etc/inetd.conf) or it will get in the way.

Assuming you have your RSA or DSA keys set up, you can even run this in the background (tack on an &). This sets up the tunnel and starts forwarding your local ports to the remote end through it. The -N switch tells SSH not to bother running an actual command on the remote end, and to just do the forwarding.

Another useful feature of port forwarding is for getting around pesky firewall restrictions. For example, I was recently behind a firewall that did not allow outbound Jabber protocol traffic to talk.google.com. With this command:

ssh -f -L 3000:talk.google.com:5222 home -N

I was able to send my Google Talk traffic encrypted through the firewall back to my server at home and then out to Google. All I had to do was reconfigure my Jabber client to use localhost:3000 as the server.

The trick: instead of connecting directly to the remote machine, you connect to the local machine (localhost), and SSH forwards the connection through the tunnel.
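
As an added example (not part of the original page), this shell function takes the [bind_address:]port:host:hostport argument of -L and reports whether the local port is privileged, as with port 110 above, and which interfaces the listening end of the tunnel is reachable from. The function name check_forward and the wildcard spec are constructed for illustration; it assumes OpenSSH's default GatewayPorts=no and no -g option.

```shell
#!/bin/sh
# Added example, not from the original page: classify an `ssh -L` spec.
# Accepts [bind_address:]port:host:hostport. IPv6 literals and Unix-socket
# forwards are out of scope. Assumes GatewayPorts=no (OpenSSH default), no -g.
check_forward() (
    set -f          # keep a "*" bind address from being glob-expanded
    IFS=:           # body runs in a subshell, so IFS and set -f stay local
    set -- $1       # split the spec on colons
    case $# in
        3) bind=localhost; lport=$1; rport=$3 ;;
        4) bind=$1; lport=$2; rport=$4 ;;
        *) echo "invalid: expected [bind_address:]port:host:hostport"; exit 2 ;;
    esac
    for p in "$lport" "$rport"; do
        case $p in
            ''|*[!0-9]*) echo "invalid: port '$p' is not numeric"; exit 2 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "invalid: port $p out of range"; exit 2
        fi
    done
    # Ports below 1024 are privileged: binding them requires root.
    if [ "$lport" -lt 1024 ]; then root=yes; else root=no; fi
    # Who can reach the listening end of the tunnel?
    case $bind in
        localhost|127.*) scope=loopback ;;
        ''|'*')          scope=all-interfaces ;;
        *)               scope=address:$bind ;;
    esac
    echo "listen=$lport needs_root=$root reachable_from=$scope"
)

# The forwards used on this page, plus one constructed wildcard bind.
for spec in 8080:intranet_webserver:80 110:mailhost:110 \
            3000:talk.google.com:5222 '*:7777:x.x.x.x:3389'; do
    printf '%-28s %s\n' "$spec" "$(check_forward "$spec")"
done
```

A forward reported as all-interfaces accepts connections from any host that can reach your machine, so anyone on the same network can use the tunnel; keeping the default loopback bind avoids that.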

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License