I have a little WRT54GL router that runs OpenWRT. It is very convenient to be able to SSH into the router, and even more convenient to make tunnels.
In opensshd, there is an option
that needs to be turned on. It allows the SSH server to listen to ports and forward them back to the client. Also it allows other machines to connect to that port on the SSH server, not just the SSH server.
Well, for dropbear (the SSH implementation of OpenWRT), things are a little different. First, you need to start the dropbear deamon with the flag -a. Preferably:
option 'GatewayPorts' 'on'
Second, when you invoke ssh, you need to specifically tell dropbear to listen to the network interface (not to localhost). Example:
$ ssh -l root -R 18.104.22.168:7777:10.2.2.12:80 22.214.171.124
This assumes you are on a client, on the 10.2-network. Your OpenWRT is on the internet (IP=126.96.36.199). Connections made to 188.8.131.52, port 7777 will be tunneled through SSH back to the client. The client will in turn make a new connection to 10.2.2.12, port 80 and forward all traffic there. So, in this case, an internal webserver is exposed on the internet.
With other sshd servers, it may be enought to make the call
$ ssh -l root -R 7777:10.2.2.12:80 184.108.40.206
and sshd will listen to all interfaces.