Sometimes you will need to access a service on a client's machine from an untrusted network, but you don't want to expose this client's SSH server to untrusted IP's. If this is the case you can use a trusted machine (a so called jumpbox) as an intermediate to connect to the client's box.
For example, to connect the user test (user available on both jumpbox and production) to a remote mysql server running on production.example.org through jumpbox.example.org the following command can be used:
$ ssh -t -L 3308:localhost:3308 test@jumpbox.example.org \ 'ssh -L 3308:localhost:3306 test@production.example.org'
In this example port 3308 on your local machine will be tunneled to port 3306 on your production machine.
You can even use production.example.org as another jumpbox to create a tunnel that connects to a database server called database.local, that is only reachable from production.example.org:
$ ssh -t -L 3308:localhost:3308 test@jumpbox.example.org \ 'ssh -L 3308:database.local:3306 test@production.example.org'
note: since database.local is behind a firewall mysql will allow network connections.
Installing Openfiler - Part 1 Using mysql load data infile with django