Overriding firewalls and NAT in BOTH ends of connection.

A = Source Machine (connect to localhost on this)
B = Target Machine (server)
C = Host in between (part of tunnel)

B:
Establish half tunnel to C using ssh:
ssh -N (no shell) -f (background) -R (remote port forward) 5555:localhost:6667 C
(all trafic to port 5555 on C is tunneled back to 6667 on B)

A:
Establish the other half of the tunnel to C using ssh:
ssh -N -f -L (local port forwarding) 7777:localhost:5555 C
(connections to localhost:7777 on A is tunneled back to 5555 on C which tunnels to port 6667 on B)