This command is equivalent to the example given on that page:
ssh myuserid@gate -L 7777:work:22 cat -
Now for some clarification of this weird but effective syntax:
1. Traffic on port 7777 on your local machine goes to "gate" via the ordinary ssh port. "gate" forwards this traffic on to port 22 on "work".
As port 7777 is a local port, you can choose this to be pretty much anything from 1024 onwards and don't have to reconfigure your firewall.
You can change port 22 (ssh) to e.g. http to access the web server on "work" as if you were sitting at "gate". Now access http://localhost:7777/!
2. The name lookup for "work" occurs on "gate", not your local machine. This is very useful.
3. The "cat -" is a hack to keep the tunnel open.
I'm no network guru and have been wanting to learn this for ages but only found explanations that go on for pages about how great ssh forwarding is without actually giving a straightforward example. Others were obsessed with the intricacies of command line options.
For these reasons and because I don't have time to read a tutorial longer than documents I give to lawyers, I still have no idea how to write iptables rules by hand. If all documentation was like that we would all be spending most of our lives reading instead using computers. Hardly, a "simple primer" as claimed. So when I find a simple tutorial about iptables, I'll blog it.