Sometimes we want to access a locally available device from a external facing ip address. (e.g. Like a computer on a local lan network with a separate wireguard interface.)
We can do this by using a SSH tunnel
ssh user@remotehost -L localport:host_reachable_from_remote_host:remoteport
e.g.
ssh user@10.25.3.1 -L 8080:10.10.0.1:80
This will create a tunnel to 10.10.0.1 port 80 on the remote network (reachable from the machine at 10.25.3.1), to the local port 8080. Viewable via http://localhost:8080 in your browser.
If you want to avoid having ssh open the shell connection on the remote machine, and just leave the tunnel open, use the switch -N for example.
ssh -N user@10.25.3.1 -L 8080:10.10.0.1:80