Tunneling - more
Now we need to tell PuTTY the ports we want to forward. Back in PuTTY expand Connection->SSH->Tunnels. Enter 1443 (or anything you want above 1024) in Source Port and 127.0.0.1:443 in Destination (Figure 6).
Figure 6: Entering the Tunnel settings
Now save your session, connect and then log in using your preferred method. Your PC should now be listening on port 1443 (or whatever port you entered). Anything that PuTTY receives will be forwarded to Port 443 on your client machine.
You can test this by creating another PuTTY session and connecting to 127.0.0.1 port 1443. Hopefully it will now just connect to your server, but this time you didn't enter a proxy or anything. You are in fact creating an SSH connection over a SSH tunnel. Doubly secure!
Tunnelling works with pretty much anything, not just SSH. For example, it is commonly used to secure VNC connections. Note that you don't have to set the destination IP address to be 127.0.0.1. It can be anything that the server machine can see, such as other machines on the local network or Internet.
Using this approach, I have one gateway machine (my Linux box) which I SSH to, and then use tunneling to access other services such as VNC, SCP, Remote Desktop and POP mail on other machines in my home network. That way I only have to have a single port open on my firewall, so the chances of being compromised are minimized.
Note: It is easy to tell SSH (and thus rsync) to connect via a proxy without going through the trouble of setting up a tunnel using PuTTY. You need a tiny little C program called Connect for this.
Unfortunately, the people that bundle rsync into cwRsync don't include a rather important file (sh.exe), which is needed to run the Connect executable. I have emailed them asking them to add it. But in the meantime if you want to use Connect, you will have to go with a full Cygwin install, which is beyond the scope of this article.