For an explanation of the theory, see this article.
$ ssh -N -L 8000:discuss-test:80 vader
-N — Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only)
-L [bind_address:]port:host:hostport —
Specifies that the given port on the local host is to be forwarded to the given host and port on the remote side. (See example below) This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine.
-L 8000:discuss-test:80 vader
8000 — port on the local client to be forwarded to the given host and port on the remote side
discuss-test — remote host
80 — port on the remote side
vader — intermediate server