The title of this article is a bit complex. Let's talk about it with an example.
Suppose you are now on machine X, and the remote services you want to access are on machine Z. The problem is that machine X is blocked by machine Z's Firewall. The good thing is that, you (machine X) can access machine Y and machine Y is not blocked by machine Z. (Machine Y is on the white list of machine Z.)
A chart may be more clear:
X -> Z # fail
X -> Y # success
Y -> Z # success
Then, is it possible to let machine Y forward machine X's request to machine Z like this:
X -> Y -> Z # Y is used as a bridge between X and Z
Suppose that you want to access Z's 8000 port, run the following command on machine X:
ssh -NTL 8000:Z:8000 Y
-NTL tells SSH to forward local request to remote server.8000:Z:8000 has three parts separated by colons. The 1st part is the local port on machine X; The 2nd part is remote server machine Z; The 3rd part is the port on machine Z.Y at the end is the bridge machine Y.Now, when you access localhost:8000, you are in fact accessing Z:8000.