Lets say you want to get to your database, but it isn't exposed:
You want to forward some port on DMZ to the DB. Lets say it is Oracle running on 1521. Then, from the DMZ host you should issue the following command:
ssh -g -L 5000:DB_HOST:1521 boneill@DB_HOST
At this point, you should be able to connect to DMZ:5000 as if it were DB:1521.
REALLY REALLY IMPORTANT is the "-g", that allows remote connections to 5000. Otherwise, it will just bind to the local interface and you won't be able to connect from CLIENT.