SSH and port forward socks proxy


I would like to set up an SSH tunnel that includes 3 machines. One machine I want to make HTTP requests from, but it can only connect to a central server and make outbound port 80 requests. The server is a Linux box that I have full root access to. The third machine would be my laptop. I was thinking of setting up an SSH chain where the HTTP machine would remote port forward to the server, i.e. ssh -R 9999:localhost:9999 user@server_ip_address. Then from my laptop I could "ssh -D8080 user@server-ip-address" with some netcat in the middle, but I don't know what command to use in the middle.

Could someone show me where my thinking has gone wrong? Or how I might accomplish this…

Best Answer

I'm a little confused... you're saying you have a Linux web server and you want to connect to it via an SSH tunnel?

You can do this with the -L and -g switches to SSH. If you have a remote Linux system with port 22 open, and you're remote with two machines on site... call the server A and the two other machines you're remote with B and C... you can create a tunnel between A and B using -g and -L with the proper command line (like ssh -g -L 5000:remote-ip:80 yourname@remoteIP) on machine B to connect to machine A, then on B point to localhost port 5000 to bring up A's website, and laptop C can connect to port 5000 with a web browser on machine B, which will also bring up machine A's web page. -L handles port forwarding and mapping; -g allows other machines to access the tunnel aside from the host that is running SSH.

Does that help?

Remember that the encryption is only between A and B. Traffic between C and B is unencrypted.
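Because -g makes the forwarded port on B reachable by any host that can route to it, and that last hop is cleartext, it is worth checking which ssh client forwards on a machine are bound beyond loopback. The script below is an added example, not part of the original answer; the function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners held by an ssh *client* process that are
# bound to a non-loopback address, i.e. forwards opened with -g (or an explicit
# wildcard bind address). Input is the output of `ss -Htlnp`.
# Run ss as root; otherwise the process column is empty for other users'
# sockets and those forwards are not reported.

exposed_ssh_forwards() {
    awk '
        # Keep only sockets owned by "ssh"; the quoted match excludes "sshd".
        $6 !~ /"ssh",/ { next }
        {
            addr = $4; sub(/:[0-9]+$/, "", addr)   # bind address without port
            port = $4; sub(/^.*:/, "", port)       # port without bind address
            # Loopback-only forwards are what plain -L (no -g) creates.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print port " " addr
        }
    '
}

# Constructed sample of `ss -Htlnp` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:5000 0.0.0.0:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128      [::]:5000    [::]:* users:(("ssh",pid=4242,fd=6))
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("ssh",pid=4243,fd=4))
LISTEN 0 128   0.0.0.0:22   0.0.0.0:* users:(("sshd",pid=900,fd=3))
EOF
}

# Offline demonstration; on a live host use: ss -Htlnp | exposed_ssh_forwards
sample_ss_output | exposed_ssh_forwards

# Tighter alternative to -g: bind the forward to loopback on B, e.g.
#   ssh -L 127.0.0.1:5000:remote-ip:80 yourname@remoteIP
# and have C reach it through its own SSH session to B, so that hop is
# encrypted too.
```

Each output line is a port followed by the bind address; in the sample only port 5000 is reported, once for IPv4 and once for IPv6.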