I've always knew that it's possible to channel any TCP traffic through ssh but never got around to actually use it (beyond running the SSH client with "-X" to forward X11 traffic) but today I got around to actually test this.
The problem: access devices like my Dlink DSL504G ADSL modem web interface or Sipura SPA-3000 ATA's web interface from my desktop at work.
The solution: actually there are a few of them, I'll list them by the order I tried them:
1. "ssh -L 30000:192.168.1.3:80 my-home-machine" - This tells my SSH client at work that if I connect to port 3000 on my desktop at work it should connect host "192.168.1.3" port "80" from my home machine. This is the private-network address of my ADSL modem. Now I just typed "localhost:30000" in Firefox on my work desktop and got the web interface of my ADSL modem at home. I could add another port (let's say port 30001) to forward connections to my ATA device.
2. Just "ssh my-home-machine" then type "~C" this brings up a command line interface which allows me to then type "-L 30000:192.168.1.3:80" - the effect is just the same as specifying this command line argument on the ssh command line but the advantage is that I don't have to open a new session if I already have one.
3. Last but not least (but I ended up not using it): add a line to the configuration in ~/.ssh/config saying "LocalForward 30000 10.1.1.5:80".
Right now I plan to use option 2 - that way my private home devices are not open to anyone on my workplace network whenever I ssh home but on the other hand I don't have to open a new session whenever I want to access my home network devices.