I always have to look this up, so...

Hypothetically, you have a development server that is only accessible on-campus, from a specific subnet. But you want to use/view the app from some off-campus location.

SSH to the rescue:

ssh -nNT -L 8888:firewalled.server.uvic.ca:80 someuser@another.machine.uvic.ca

Then, go your browser and head to http://localhost:8888 and see the firewalled page!

The explanation:
flags -nNT > 'n' basically sends input to /dev/null, 'N' restricts the connection to just tunnelling, and 'T' stops the remote machine giving you a pseudo-TTY.

8888: > is the arbitrary port we'll use for the tunnelling

firewalled.server.uvic.ca > the server we want to access

:80 > the remote port you want to access. In this case it's a web server, so port 80

someuser@another.machine.uvic.ca > this connects a user to another remote machine that you have SSH access to, AND is allowed to access firewalled.server.uvic.ca on port 80.