I have a need to open a tunnel occassionally from work to home. The only ports going to the outside world are 8080, 8081 and 8082. I'd like to be able to ssh to my home server, or possible use nomachine (nxclient) over this tunnel. I have opened those ports on my firewall at home. I've looked at the documentation and everything that I can find on the subject, but it's a little confusing since I can't find anyone who wants to do exactly what I'm asking.
HTTP tunneling is not an option for me, it's a little too unreliable and drops connections sporadically, causing entries into some system level log files...

Do I need to run an ssh server (on my home server) that listens to, say, 8080 and forwards to port 22? Is the setup only on the client?

Thanks in advance for your help.

If I understand your situation correctly, all you need to do is have sshd (ssh server) on your home server listen on port 8080. When you make a connection, you then tell the ssh client to use that port instead of port 22. All of the normal options for ssh should work.

That sounds like what I want - what would be the syntax for the server and the client calls to ssh?
There isn't any problem with ssh listening on one port and forwarding to port 22 (its normal listener)?

What I described does not involve "forwarding to port 22." The server simply listens on a different port. It is possible to leave it listening on port 22 and forward the incoming connection to port 22, but unless you have a need to have the ssh server also listening on port 22, I would recommend just changing its listening port.

To do that, you need to edit /etc/ssh/sshd_config. You must do this as root, but you can use your favorite editor. Find the line that says

Port 22

and change 22 to the port you want to listen to. You must then restart sshd or, if you know what you are doing, sending the root sshd process a SIGHUP. If you connect using the ssh command, you can simply include the option -p 8080 along with any other options on the command line. You can also edit ~/.ssh/config ("~" just refers to your home directory). to include a Port statement like you did for the server, and it will use that port automatically unless you override it on the command line.

EDIT: What I described above for the server is correct if the server is directly connected to the Internet. If there is a "router" (more accurately a NAT device or hardware firewall) between the server and the Internet, then you must set the "router" up to do port forwarding. (Consult its manual on how to do this -- I can't advise.) In that case you can leave the server itself listenning on port 22 if you wish.

Do you mean you are you behind a proxy server? Open a terminal/command prompt and do "ping google.com". Do you get a response? If you don't get a response, then you are behind a proxy server. You can use NX to create a ssh tunnel through your proxy server at work to your machine at home.