When we perform the network penetration testing. Usually clients having the two type of the infrastructure including internal and external.

Consider you got access to the external system (Linux Flavor). The every first command i uses - ifconfig and netstat -antup to find if this system is connected to any internal system.

If your lucky in this case, you find that external system is connected to the some of the internal system. The first problem is enumeration of the internal system to find the vulnerability. To overcome this issue you will have to use the ssh tunnel functionality provided by the ssh utility.

The following command will one the port 445 in attacker machine, and you can access the 445 port of internal system from your attacker machine. In the below given command 192.168.1.1 is internal system and 192.168.2.1 is external system which you manged to gain access.

Code:
ssh -L 445:192.168.1.1:445 root@192.168.2.1 -p 22
The more details of command you can find here