Sorry, I should have been a little more clear on my intentions.
The networks are set up, running with ACLs in place and working fine; I can communicate between the networks how I please.
The point is SSH must remain open, as my users need it.
My problem is, because of the nature of work, the profiles on the NT 5.1 systems cannot be locked down at all.
The reason I am questioning the possibility of such back tunneling is because, in theory, if it was possible, any one of my users could:
# install a service
# run an SSH connection to an external network's sshd, such as a home PC
# use back tunneling to connect to that service
For example, with VNC you can send VNC connect requests to a listening server on port 5500; this port is of course blocked on the gateway but could be tunneled straight through using SSH.
I realise VNC connect doesn't use a reverse tunneling method, but it did get me thinking of the possibilities :p
Sorry for the confusion.