How-to: Tunnel Traffic through a Firewall and Remote Desktop
September 25, 2007
My department has rigid access rules, which prevail in today’s internet jungle. Sadly enough, connecting to one’s working environment is not as easy as it used to be. It took more than a breath of time and understanding to configure all the access methods I need. Though everything stated here is trivial, I feel a memo is quite necessary, especially since the department guidelines themselves sit behind the firewall.
Scenario
a) IP address space protected by a firewall
b) Access server sitting on the border of the firewall; only tunneling is allowed
c) Well-known department servers inside the firewall
d) Office computer, with domain/username account and domain-affiliated NFS (OS: Windows XP SP2)
e) Home computer, OS: Windows Vista (yes, I know Linux will make remote access easier, but what about drivers of all the cool new hardware I paid big money for?)
Software on client side: OpenSSH (on Cygwin) or PuTTY or SSH Secure Shell, WinSCP
Goal 1: Set up tunnels through a border server
Edit the configuration file for OpenSSH (or do the equivalent for other clients): open the file ~/.ssh/config and put the following lines in. Note that OpenSSH only accepts comments on a line of their own; a trailing comment after an option's arguments is rejected as garbage at the end of the line.
host name_it_yourself
hostname hostname_domainname
user username
ForwardAgent yes
# list as many LocalForward lines as you wish, one per tunnel
LocalForward custom_port1 hostname1:port1
LocalForward custom_port2 hostname2:port2
# where the private key is stored, if public-key authentication is used
IdentityFile ~/.ssh/key_for_host/id_dsa
Kick-start everything with ssh name_it_yourself and leave it running in the background. From now on, every remote access appears as a connection to some customized local port; all the ugly details (almost all) are taken care of by the tunneling mechanism.
Goal 2: Connect to a well-known server inside the firewall
Specify a port-forwarding rule in Goal 1, and then create a new profile (i.e. add a new paragraph to the OpenSSH config file) looking like this:
host name_it_yourself
# localhost, since we have already tunneled it
hostname localhost
user username
ForwardX11 yes
port custom_port1
IdentityFile ~/.ssh/id_file
Login by running ssh name_it_yourself
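Getting the chain of profiles right is where I wasted most of my time: the inner profile's port must match a LocalForward in the border profile, two tunnels must not claim the same local port, and the local port must not be one RDP is already listening on (see the note under Goal 5). The small checker below is an added example, not something from the original post; it parses a constructed ssh_config-style text (the host names, ports and aliases are made up for illustration) and reports those mistakes, as well as the inline-comment pitfall mentioned under Goal 1.

```python
"""Sanity-check a chained ~/.ssh/config of the kind built in Goals 1 and 2.

Added example; parses a constructed sample, not the author's real config.
"""

# Ports the post says RDP listens on, so they must not be used as local_port.
RDP_LISTEN_PORTS = {3389, 3390}
# A profile pointing at one of these rides on a tunnel opened by another profile.
LOOPBACK_NAMES = {"localhost", "127.0.0.1", "127.0.0.2"}


def parse_ssh_config(text):
    """Parse Host blocks. Returns (profiles, problems); profiles maps each
    alias to a dict with 'hostname', 'port' and a list of LocalForward tuples."""
    profiles, problems, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # whole-line comments are fine
        tokens = line.split()
        key, args = tokens[0].lower(), tokens[1:]
        # OpenSSH rejects a '#...' after the arguments ("garbage at end of line").
        for i, arg in enumerate(args):
            if arg.startswith("#"):
                problems.append(f"line {lineno}: inline comment after '{key}' (OpenSSH rejects it)")
                args = args[:i]
                break
        if key == "host":
            current = {"hostname": None, "port": 22, "localforward": []}
            for alias in args:
                profiles[alias] = current
            continue
        if current is None:
            problems.append(f"line {lineno}: option before any Host block")
            continue
        if key == "hostname" and args:
            current["hostname"] = args[0]
        elif key == "port" and args:
            current["port"] = int(args[0])
        elif key == "localforward" and len(args) == 2:
            lport = int(args[0].rsplit(":", 1)[-1])  # "[bind_address:]port"
            rhost, rport = args[1].rsplit(":", 1)
            current["localforward"].append((lport, rhost, int(rport)))
        elif key == "localforward":
            problems.append(f"line {lineno}: LocalForward needs '<local_port> <host>:<port>'")
    return profiles, problems


def check_tunnels(profiles):
    """Cross-check the chain: unique, unprivileged, non-RDP local ports, and
    every loopback profile must sit on a LocalForward declared elsewhere."""
    problems, seen = [], {}
    for alias, prof in profiles.items():
        for lport, _rhost, _rport in prof["localforward"]:
            if lport in seen:
                problems.append(f"{alias}: local port {lport} already forwarded by '{seen[lport]}'")
            seen[lport] = alias
            if lport in RDP_LISTEN_PORTS:
                problems.append(f"{alias}: local port {lport} collides with the RDP listener")
            if lport < 1024:
                problems.append(f"{alias}: local port {lport} is privileged; pick one above 1023")
    for alias, prof in profiles.items():
        if prof["hostname"] in LOOPBACK_NAMES and prof["port"] not in seen:
            problems.append(f"{alias}: port {prof['port']} is not opened by any LocalForward")
    return problems


# Constructed sample: one border profile and two chained profiles. It contains
# three deliberate mistakes for the checker to find.
SAMPLE_CONFIG = """\
Host border
  HostName access.example.org
  User alice
  ForwardAgent yes
  # one line per tunnel; no comment after the arguments
  LocalForward 2201 fileserver.example.org:22
  LocalForward 2202 office-pc.example.org:22
  LocalForward 127.0.0.2:3390 office-pc.example.org:3389
  IdentityFile ~/.ssh/key_for_border/id_rsa

Host fileserver
  HostName localhost # tunneled through border
  Port 2201
  User alice

Host office
  HostName localhost
  Port 2203
  User alice
"""

if __name__ == "__main__":
    profiles, found = parse_ssh_config(SAMPLE_CONFIG)
    for msg in found + check_tunnels(profiles):
        print(msg)
```

Run it against your own file with open(os.path.expanduser("~/.ssh/config")).read() in place of SAMPLE_CONFIG; an empty list from both functions means the chain is at least consistent, though only a real ssh session proves the tunnels work.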
Goal 3: SSH to office computer
An SSH server is required on the remote end; OpenSSH on Cygwin is one of the easiest ways to do this. Set OpenSSH to service mode so that sshd.exe is launched at boot.
On the client side, add another profile for the office computer, similar to Goal 2. Remember to set up a tunnel in Goal 1. With better control of the server end, public key authentication can be used to save password typing. Use ssh-keygen under Cygwin to generate a key pair:
ssh-keygen -f ~/.ssh/key_file -t rsa # -f: where to put the keys, -t: which key type to use
Keep the private key safe and sound, preferably protecting it with a passphrase.
Install the public key on the office computer by appending it to the SSH authorized keys file (change the path of the pub key accordingly):
cat ~/key_file.pub >> ~/.ssh/authorized_keys
Note: If you are using PuTTY for tunneling, remember that key pairs generated by PuTTY are not 100% compatible with OpenSSH. Minor modification is required, or simply stick to ssh-keygen and import the key in PuTTY.
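The cat >> step above works, but run it twice and the key is listed twice, and sshd silently refuses the whole file if ~/.ssh or authorized_keys ends up group- or world-writable (the StrictModes default). The helper below is an added example, not code from the post; it installs a public key line once, checks that the line at least looks like an OpenSSH key, and fixes the permissions. The key in it is a constructed stand-in, not a real key, and the directory is a temporary one so that it can run anywhere. Under Cygwin the mode bits map onto Windows ACLs, so check the result with ls -l there as well.

```python
"""Idempotent authorized_keys installer with sshd-friendly permissions.

Added example; the sample key below is constructed, not a real key.
"""
import base64
import os
import stat
import tempfile

# Constructed stand-in for ~/.ssh/key_file.pub (a real line carries a key blob).
SAMPLE_PUBKEY = "ssh-rsa " + base64.b64encode(b"constructed sample, not a real key").decode() + " alice@home"


def install_authorized_key(pubkey_line, ssh_dir):
    """Append one OpenSSH public key line to ssh_dir/authorized_keys, once.
    Returns True if it was added, False if the same key was already present."""
    fields = pubkey_line.split()
    if len(fields) < 2 or not fields[0].startswith(("ssh-", "ecdsa-")):
        raise ValueError("not an OpenSSH public key line")
    keytype, blob = fields[0], fields[1]
    base64.b64decode(blob, validate=True)  # raises if the blob is corrupted

    # sshd (StrictModes yes) ignores the file if these are too permissive.
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, "authorized_keys")

    existing = []
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read().splitlines()
    for line in existing:
        parts = line.split()
        # Same type and blob means the same key, whatever the trailing comment says.
        if len(parts) >= 2 and parts[0] == keytype and parts[1] == blob:
            return False

    with open(path, "a") as fh:
        fh.write(pubkey_line.rstrip("\n") + "\n")
    os.chmod(path, 0o600)
    return True


def demo():
    """Install the sample key three times into a scratch directory and report
    (added1, added2, added3, line_count, dir_mode, file_mode)."""
    ssh_dir = os.path.join(tempfile.mkdtemp(), ".ssh")
    first = install_authorized_key(SAMPLE_PUBKEY, ssh_dir)
    second = install_authorized_key(SAMPLE_PUBKEY, ssh_dir)
    # Same key with a different comment is still the same key.
    third = install_authorized_key(SAMPLE_PUBKEY.replace("alice@home", "alice@laptop"), ssh_dir)
    path = os.path.join(ssh_dir, "authorized_keys")
    with open(path) as fh:
        lines = fh.read().count("\n")
    return (first, second, third, lines,
            stat.S_IMODE(os.stat(ssh_dir).st_mode),
            stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    print(demo())
```

On the office computer you would call install_authorized_key with the contents of key_file.pub and os.path.expanduser("~/.ssh"); the return value tells you whether anything actually changed.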
Goal 4: FTP-like file access
WinSCP is a good candidate, supporting both SCP and SFTP. Create a new profile in WinSCP; if public-key authentication is used, the private key file must be loaded. WinSCP uses PuTTY-style private keys, and OpenSSH keys are alien to it. Therefore a private key generated in a UNIX environment should be imported with PuTTYgen.exe and saved in PuTTY format (.ppk) before use.
Goal 5: Remote desktop to office computer
Add a tunnel to the remote RDP port by adding a line to the profile in Goal 1:
LocalForward local_port office_computer_domain:RDP_port
Make sure Remote Desktop is allowed on the remote OS and the user is granted access. Run Remote Desktop on the local machine and connect to localhost:local_port.
Note: On Windows XP SP2, connecting to 127.0.0.1:local_port is not allowed (loopback); use 127.0.0.2 instead. On Windows XP/2003, RDP listens on port 3389, while Windows Vista listens on 3390. Therefore, these ports cannot be used as the local_port.
sylvainulg | September 27, 2007 at 4:53 am
(hidden: got your message on my blog. yes, i’d still be happy to receive the NPCryptBench package. You can send it at the address mentioned above. Thanks again, and congrats for your graduation).