This how-to works on Linux, and possibly on Macs (not tested). You can do the same on MS-Windows, but you'll need to figure out in what little boxes to put this information depending on the ssh client that you are using for tunneling. The tunnel can be used with various programs, such as ssh to get a terminal session on a remote server, or http to view a page in a web browser.
If you want to ssh to a server (e.g. TARGET) which is not accessible from outside a local domain (e.g. DOMAIN), but you have access to a workstation (e.g. TUNNEL) which can do both, set up a session with:
ssh -f USER@TUNNEL.DOMAIN -L 8000:TARGET.DOMAIN:22 -N
It will prompt you for the USER password on TUNNEL.DOMAIN. Then once you have the prompt back, connect with:
ssh localhost -p 8000
It will now prompt you for the USER password on TARGET.DOMAIN, and you can work on the TARGET.DOMAIN server.
If you want to http to a server (e.g. TARGET) which is not accessible from outside a local domain (e.g. DOMAIN), but you have access to a workstation (e.g. TUNNEL) which can access it, set up a session with:
ssh -f USER@TUNNEL.DOMAIN -L 8001:TARGET.DOMAIN:80 -N
It will prompt you for the USER password on TUNNEL.DOMAIN. Then once you have the prompt back, use Firefox or Chromium to browse to the URL:
http://localhost:8001/
And you will get the site http://TARGET.DOMAIN:80/.
The tunneling ssh command uses 2 ports: the first is the one on your local machine, and the second is the one on the remote machine.
All traffic is encrypted, so it's safe to use from pretty much anywhere (even your local coffee house).
You'll need to kill your ssh instance if you want to get rid of it.