It's quite common for servers to be located behind a gateway, firewall, or load balancing server. The server will have a private (non-routable) IP address and the gateway machine will have a public IP address to allow remote connections.
If you want to remotely administer the end server then you can easily ssh into the gateway and from there ssh into the end server but if you want to do more than just get a remote shell on the target machine (for example connect to its webserver port or a database port) then you will need to use ssh tunnelling.
Since there is a gateway machine in between you and the target server, you will need to chain 2 ssh tunnels together. Here is how to do it.
Say you have a gateway machine with public IP and a private server running Apache for your intranet on port 80.
Remote client ----------> ---------->
Step 1: ssh from your remote client to the gateway machine and tunnel port 80 on your client to a free port on the gateway (e.g. 6789):
ssh [email protected] -L 80:localhost:6789
Step 2: From the shell on the gateway, ssh to the target server and tunnel port 6789 from the gateway machine to port 80 on the target server:
ssh [email protected] -L 6789:localhost:80
Step 3: Now your remote client can access the target server on port 80 using:
If the URLs on the target server use a domain name then you can map that to in your hosts file on the remote client:
sudo nano /etc/hosts