Here is what I'm looking to do:

I want to log in to a remote Linux ssh shell and use some utility (I'm thinking netcat) to open a port on the remote machine. Call this port X. When someone (I) connects to port X on the remote shell, I want it to forward all the traffic to another remote machine at port Y.

box1 --> Linux ssh shell (box2) to open port X which will forward to box3 port Y
box1 --> box2 port X --> box3 port Y

I want to do this because box1 is blocked via firewall to box3, but box2 is not.

I am admin/root on box1 and box3 but not on box2.

I know I can just open box3's firewall to allow box1, but box1 will always have a different IP.
box2 and box3 will always have the same IP address.

Can I accomplish this with netcat?

If not, what utility can I use to accomplish this?

box1 will almost always be an XP Pro box. box3 is either 2K Server or XP Pro.
box2 will always be a Linux box.

My other option is to just open up a VPN on box3 and allow from two ISPs' netblocks.
However, box1 will not always have VPN client software on it...

Thanks for any insight!