Originally Posted by man ssh
Whenever a connection is made to this port, the connec‐
tion is forwarded over the secure channel, and the application protocol is then
used to determine where to connect to from the remote machine. Currently the
SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server.
Only root can forward privileged ports. Dynamic port forwardings can also be
specified in the configuration file.
If you use -D then you need a SOCKS proxy aware app. For ssh you can use connect-proxy. On the plus side you don't need to set up explicit tunnels for every ssh connection you want to go through that server. You can also use it to proxy web/email/any other traffic you care through it.
-L binds a specific remote address and port to a local port. It is a little more convenient to setup, you simply connect to the local port as you would the remote one, but it is less flexible, ie you have to explicitly set up each tunnel