Você precisa usar a opção Endereço de vinculação de ssh:
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host
is to be forwarded to the given host and port on the
remote side. This works by allocating a socket to lis‐
ten to port on the local side, optionally bound to the
specified bind_address. Whenever a connection is made
to this port, the connection is forwarded over the
secure channel, and a connection is made to host port
hostport from the remote machine. Port forwardings can
also be specified in the configuration file. IPv6
addresses can be specified by enclosing the address in
square brackets. Only the superuser can forward privi‐
leged ports. By default, the local port is bound in
accordance with the GatewayPorts setting. However, an
explicit bind_address may be used to bind the connection
to a specific address. The bind_address of “localhost”
indicates that the listening port be bound for local use
only, while an empty address or ‘*’ indicates that the
port should be available from all interfaces.
Portanto, por exemplo, para vincular a porta local 1234 à porta 6667 do servidor remoto server.example.com, você faria algo assim:
ssh -f -L 1234:localhost:6667 server.example.com