So I have this beast of a Windows program called XenCenter that is fairly necessary for administering a Citrix XenServer. It connects to port 443 on the Xen host, which is not normally exposed with a public IP. And I do not have a working VPN to this machine. Once again, SSH to the rescue:
ssh -t -L *:443:localhost:11111 user@hostname1 ssh -L *:11111:localhost:443 user@hostname2
This is the most general case, and can be chained through more than two hosts. Note that the hostname or IP address between the two port specs is always relative to the remote host. Which is to say, the first localhost is on hostname1, and the second is on hostname2. Also note that user@hostname can be replaced with a locally defined Host from ~/.ssh/config, and can include the full array of ssh options like -p and -i. And finally, the *: allows connections from anywhere, not just localhost. The first one is obviously necessary because I am running this SSH on my Linux desktop, and then connecting to it with XenCenter from a Windows VM. (Not sure why the second *: is necessary....)
Because 443/https traffic is already encrypted, the above can be simplified with little loss of security:
ssh -L *:443:hostname2:443 user@hostname1
Which is to say, hostname1 will forward traffic directly to port 443 on hostname2, assuming no firewalls intervene.
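The chained form from the first command, generalized to any number of hops, as an added example that is not part of the original post. The function name build_chain and the relay port numbering are assumptions; relay listeners are bound to localhost, which is enough because each ssh forwards to localhost on the next hop, so only the first listener is reachable from other machines.

```shell
#!/bin/sh
# Added example (not from the original post): print the nested ssh command
# for a tunnel through any number of hops.
#
# usage: build_chain LISTEN TARGET_PORT FIRST_RELAY_PORT HOP [HOP...]
#   LISTEN            bind spec on the machine running the command, e.g. '*:443'
#   TARGET_PORT       port on the last hop (443 for the XenServer in the post)
#   FIRST_RELAY_PORT  relay port on the first hop; later hops use +1, +2, ...
build_chain() {
    [ "$#" -ge 4 ] || { echo "usage: build_chain LISTEN TARGET_PORT FIRST_RELAY_PORT HOP..." >&2; return 2; }
    listen=$1 target=$2 relay=$3
    shift 3

    # Each hop's login shell re-parses the rest of the command line, so
    # accept only plain ports, a simple bind spec and [user@]host names.
    for p in "$target" "$relay"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 2 ;; esac
    done
    case $listen in ''|*[!A-Za-z0-9.:*]*) echo "bad listen spec: $listen" >&2; return 2 ;; esac
    for hop in "$@"; do
        case $hop in ''|-*|*[!A-Za-z0-9@._-]*) echo "bad hop: $hop" >&2; return 2 ;; esac
    done

    # Only the first -L uses the caller's bind spec; it is single-quoted so
    # the local shell does not glob-expand '*'.
    cmd= bind=$listen q="'"
    while [ "$#" -gt 1 ]; do
        cmd="$cmd ssh -t -L $q$bind:localhost:$relay$q $1"
        # Relay listeners stay on loopback: the previous hop reaches them
        # through its own forward to localhost.
        bind="localhost:$relay" q=
        relay=$((relay + 1))
        shift
    done
    cmd="$cmd ssh -L $q$bind:localhost:$target$q $1"
    printf '%s\n' "${cmd# }"
}
```

Running build_chain '*:443' 443 11111 user@hostname1 user@hostname2 prints the two-hop command from the post with the relay on hostname1 restricted to loopback.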