OpenSSH Concepts

From NovaOrdis Knowledge Base

Internal

sshd

The OpenSSH server.

Tunneling

Local Forwarding

Local forwarding configures ssh to listen on a local port and to forward the data sent to that port, through the tunnel, to a remote server on the specified "remote" port.

-L [bind_address:]port:host:hostport
-L [bind_address:]port:remote_socket
-L local_socket:host:hostport
-L local_socket:remote_socket

This works by allocating a socket that listens on the local side, either on a TCP "port", optionally bound to the specified "bind_address", or on a Unix socket. Whenever a connection is made to the local port or socket, it is forwarded over the secure channel, and the remote machine then connects to either "host" on port "hostport" or the Unix socket "remote_socket".

Remote Forwarding

Remote forwarding configures ssh tunneling to listen on a port on the remote side of the tunnel and forward requests to a local port.

-R [bind_address:]port:host:hostport
-R [bind_address:]port:local_socket
-R remote_socket:host:hostport
-R remote_socket:local_socket
-R [bind_address:]port

This works by allocating a socket that listens on the remote side, either on a TCP port or on a Unix socket. Whenever a connection is made to that port or Unix socket, it is forwarded over the secure channel, and the local machine then connects to the explicit destination: either "host" on port "hostport" or "local_socket". If no explicit destination was specified, ssh acts as a SOCKS 4/5 proxy and forwards connections to the destinations requested by the remote SOCKS client.
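The spec forms listed under Local Forwarding and Remote Forwarding decide where the listener sits and how widely it is reachable, so it helps to classify them when reviewing ssh command lines. The following is an added example, not code from this page or from OpenSSH; the names split_fields and parse_forward are hypothetical and the host names are constructed. It assumes, per ssh(1), that an empty or '*' bind_address means all interfaces, and it reports "default" when no bind_address is given (loopback unless GatewayPorts changes it).

```python
# Added example: classifies the -L / -R spec forms listed above (not OpenSSH code).
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
WILDCARD = {"", "*", "0.0.0.0", "::"}  # ssh(1): empty or '*' means all interfaces

def is_sock(field):
    return "/" in field  # assumption: a field containing '/' is a Unix socket path

def split_fields(spec):
    """Split on ':' but keep a bracketed IPv6 address such as [::1] whole."""
    out, cur, in_br = [], [], False
    for ch in spec:
        if ch in "[]":
            in_br = ch == "["
        elif ch == ":" and not in_br:
            out.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    return out + ["".join(cur)]

def parse_forward(flag, spec):
    """Return which side listens, how exposed the listener is, and the destination."""
    if flag not in ("-L", "-R"):
        raise ValueError("flag must be -L or -R")
    f = split_fields(spec)
    if is_sock(f[0]):
        dlen = len(f) - 1  # socket listener: everything after it is the destination
    else:
        dlen = 1 if is_sock(f[-1]) else 2 if len(f) >= 3 else 0
    head, rest = f[:len(f) - dlen], f[len(f) - dlen:]
    if (len(head) not in (1, 2) or len(rest) > 2
            or (len(rest) == 1 and not is_sock(rest[0]))):
        raise ValueError(f"unrecognised forward spec: {spec!r}")
    if not rest and (flag == "-L" or is_sock(f[0])):
        raise ValueError("only -R [bind_address:]port may omit the destination")
    if is_sock(head[0]):
        listen, exposure = head[0], "unix-socket"
    else:
        listen = int(head[-1])
        bind = head[0] if len(head) == 2 else None
        exposure = ("default" if bind is None else "all-interfaces" if bind in WILDCARD
                    else "loopback" if bind in LOOPBACK else "address:" + bind)
    dest = "socks-proxy" if not rest else rest[0] if len(rest) == 1 else (rest[0], int(rest[1]))
    return {"listens_on": "local" if flag == "-L" else "remote",
            "listen": listen, "exposure": exposure, "dest": dest}

if __name__ == "__main__":
    for flag, spec in [("-L", "8080:intranet.example:80"), ("-R", "*:1080")]:  # constructed
        print(flag, spec, "->", parse_forward(flag, spec))
```

A result with exposure "all-interfaces" together with dest "socks-proxy" is the combination to look at first in a review, since it describes a proxy listener that is not limited to loopback.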

Tunneling Operations

Setup a SSH Tunnel