The main reason that people would need to create a tunnel is if you need to remap one port to another, or you need to pipe data through another machine to avoid a firewall or perhaps you want to encrypt a data transmission that isn't normally encrypted; all of these are common uses for SSH tunneling.
To create a tunnel from your current machine (machine A) to a remote machine (machine B) on a specific port you can use the syntax below: ssh -N -f -R *:remoteport:localhost:localport remoteuser@remotehost
So for example if you wanted to map port 3306 on your local machine to port 3307 (MySQL) on a remote server named cheese.com with the user robert, you would use the command below: ssh -N -f -R *:3307:localhost:3306 firstname.lastname@example.org
This will now allow you to access port 3306 on machine A by connecting to the specified port (3307 in this case) on machine B (if you would rather have the tunnel process background instead of staying active in a terminal window you can add the -N and -f switches to the start of the command directly after the ssh command).
If you're able to create an SSH tunnel but you're unable to do anything with the tunnel due to the following error message (the number may be different): channel 3: open failed: administratively prohibited: open failed
Then this is because the sshd_config file needs to be edited to allow forwarding. The following two values need to be modified (or created if they don't exist) in the sshd_config file, normally located in /etc/ssh. AllowTcpForwarding yes
Once this change has been made, restart the SSH process and then reopen the tunnel.