SSH: Tunnelling arbitrary remote hosts

ssh -L local_port:remote_target_ip:remote_target_port ssh_server_ip

for example:

ssh -L 23000:10.0.0.2:23 10.28.50.100

once authenticated against 10.28.50.100, encrypted connectivity to the telnet server running at 10.0.0.2 is possible just connecting to 127.0.0.1:23000

(lsof -i -n would confirm there is a new port listening on localhost:23000)

here is a nicely illustrated quick note for bypassing firewall (inbound) policies.