for me best trick with ssh so far is to use ssh as proxy command:
ssh -o ProxyCommand="ssh -W %h:%p user@ssh_jump_host.somedomain.net -p some_non_22_port" user@some_host_inside.lan -D 1234
above creates dynamic tunel (for use as socks proxy) through jumphost to reach http hosts available only to some_host_inside.lan machine
above creates dynamic tunel (for use as socks proxy) through jumphost to reach http hosts available only to some_host_inside.lan machine