Hello

I have an ip camera connected to my internal network which I access just using a browser.

I have a server which connects internally and externally to the internet via a cable modem which acts as my main router and firewall

I wish to port forward my camera using ssh so I can access it externally with a mobile device (phone). I currently do this for a secure vnc connection ok but wish to connect my camera in a similar secure manner.

the current camera is a simple edimax ip camera that is just using http on port 80

Well you haven't really provided enough information to be able to help you.

But on the firewall/router machine, you will need to do NAT (Network Address Translation, in this case DNAT, Destination NAT.), which will take a packet (in this case a http request) from the internet, and translate(change) the destination IP address to the Camera's internal IP.
Using iptables, the rule would look something like this (assuming you aren't running any other web servers/etc)...
The first rule does the NAT itself, and the second rule will allow it through the firewall. The second rule is only required if your default policy on the filter/FORWARD chain is drop..

For something like this, I would normally recommend securing it by source IP, so only connections from allowed WAN IP address's are allowed, this is not an option with a mobile device which is most likely going to have a dynamic address. In a case such as this, you could also use a non standard port, and modify the DNAT rule in the above example, to forward from dport "12345" to port 80 on the camera IP. This would also mean telling the client to connect using the alternate port.

The issue I see with securing something like this, is not with the firewall, but with the camera itself. How well do you trust the developers of the camera?