Firefox over SSH's SOCKS-proxy

-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen
to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to
this port, the connection is forwarded over the secure channel, and the application protocol is then used to
determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are sup‐
ported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forward‐
ings can also be specified in the configuration file.


-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on
the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to
the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over
the secure channel, and a connection is made to host port hostport from the remote machine. Port forward‐
ings can also be specified in the configuration file. IPv6 addresses can be specified with an alternative
syntax: [bind_address/]port/host/hostport or by enclosing the address in square brackets. Only the supe‐
ruser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts
setting. However, an explicit bind_address may be used to bind the connection to a specific address. The
bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty
address or ‘*’ indicates that the port should be available from all interfaces.