You wouldn't believe how difficult it is to teach the concept of tunneling to some students. It made my brain hurt at times. I guess once you get it you just get it.
Actually the concept is easy as those diagrams demostrate. It's the syntax in ssh that's hard to grasp. They should keep the current one forever but deprecate it. Then add a parallel syntax easier to understand. Example
ssh connect
remote myserver:80
to local 172.27.17.2:8080
one-way
The syntax should totally do away with the concept of tunneling, connecting ports is easier to grasp IMHO.
BTW I'm not sure that the "one-way" argument is really needed.
Also this is one of the coolest uses of SSH tunnels that I recently found: https://github.com/regymm/termux-reverse-ssh
It's pretty scary how some vendors poke holes into your home network using tunnels.