~~ Forward ~~
Sometimes, we have a powerful machine on our LAN, where we would like to run -all- our services like Squid, CUPS, MythTV, TOR, and so on. In my case this is my Home Theater PeeCee. I have all the appropriate daemons running on that machine and their listening ports are only on 127.0.0.1, and not on any outside interfaces (which would be a security problem).
But I also want these services on the other machines of my LAN, like the laptop and so on. With reverse SSH tunnels, on the laptop I instigate a tunnel to the HTPC, and the HTPC’s daemon port is then forwarded through the encrypted tunnel to the laptop. That port now appears on the laptop at 127.0.0.1 as if it’s local. When I use that service, the laptop reaches into its bellybutton, goes through the encrypted tunnel to the remote server, and accesses the service running on the remote HTPC. All of this is done through SSH with military-grade encryption, so you can do this no matter where you are, securely. No matter what daemon, only port 22 is ever open to the outside. And, it’s fast.