One of our clients tipped me off to this awesome ssh configuration to create dynamic tunnels to servers which would otherwise be hidden behind NAT or a firewall. The mechanism uses a bastion host as a proxy combined with netcat.
Example snippet from .ssh/config or /etc/ssh/ssh_config…
    Host example-gw
        Hostname <ip-address>

    Host *.example.com
        ProxyCommand ssh example-gw exec 'nc %h %p' 2>/dev/null
Combine this with ssh keys and (something like) keychain/pageant/ssh-agent and accessing the systems at a remote site becomes oh so easy!
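The same bastion setup without needing netcat on the gateway, as an added example that is not from the original post. It assumes an OpenSSH client new enough for ProxyJump (7.3) or -W (5.4), and a gateway whose sshd permits TCP forwarding (AllowTcpForwarding, on by default); the host names reuse the post's placeholders.

```sshconfig
# Added example, not from the original post.
Host example-gw
    Hostname <ip-address>
    # The tunnel carries an end-to-end SSH session from the client to the
    # inner host, so private keys and the agent stay on the client.
    # "no" is the default; stated explicitly so a later "Host *" block
    # cannot turn agent forwarding on for the bastion.
    ForwardAgent no

# Option 1 (OpenSSH 7.3+ client): ssh connects to example-gw first and
# opens the connection to the target through it.
Host *.example.com
    ProxyJump example-gw

# Option 2 (OpenSSH 5.4+ client): -W forwards ssh's stdin/stdout to %h:%p,
# which replaces nc on the gateway. Use instead of option 1, not with it,
# because the first proxy setting ssh reads for a host is the one it keeps.
#Host *.example.com
#    ProxyCommand ssh -W %h:%p example-gw
```

The nc form from the post only needs a shell and netcat on the gateway, so it still works where the gateway's sshd has TCP forwarding disabled; both options above do not.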