Steps:
1. First get a GOOD ftp client (with automatic passive mode when
available) and a GOOD ftp server (with very configurable passive ftp
mode). I am using BulletProof ftp client and BulletProof ftp
server.
2. Get a good SSH client for Windows (I tested this with PuTTY -
free and good)
3. Set up your ftp server to run on an acceptable port for your
incoming control session (I used port 2021)
4. Set up your ftp server to tell ftp passive clients that your
real ip is 127.0.0.1 (yes, I know that that seems weird (that's the
localhost self-resolving ip), but trust me, it will make sense)
5. Set up your ftp server to use a very small range of incoming
ports for passive ftp connections (I used 5 ports, 2022 - 2026)
6. Set up your SSH client to use SSH2, and set up the following
local port forwards (using my examples above, substitute your own
ports):
* 2021 (local port)--> 192.168.0.2:2021 (ftp server internal
ip:ftpserver local port for control session)
* 2022 (local port)--> 192.168.0.2:2022 (ftp server internal
ip:ftpserver local port for passive data session)
* 2023 (local port)--> 192.168.0.2:2023 (ftp server internal
ip:ftpserver local port for passive data session)
* 2024 (local port)--> 192.168.0.2:2024 (ftp server internal
ip:ftpserver local port for passive data session)
* 2025 (local port)--> 192.168.0.2:2025 (ftp server internal
ip:ftpserver local port for passive data session)
* 2026 (local port)--> 192.168.0.2:2026 (ftp server internal
ip:ftpserver local port for passive data session)
7. Connect your ssh client with the settings in step 6 to the ssh
daemon on your linux gateway machine in office #2.
8. Your Windows machine in office #1 will now have listening local
ports 2021-2026.
9. Connect your Windows ftp client (in passive mode) to
localhost:2021 (yes, localhost - the connection will be forwarded
via the encrypted SSH tunnel to the Windows machine in office #2).
10. Login to the ftp server.
11. List files. The data session will be established, and this
will work!!! (I couldn't believe it when this step actually worked,
I've been trying to find a documented solution to this forever)
12. If you want, exit your SSH client; it will close the
pseudo-terminal session, but will not actually exit until the ftp
connections over the tunnel have closed.
13. Make your ftp transfers.
14. Exit ftp. If you already exited SSH, then you are finished.
Otherwise, exit SSH.
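
Why steps 4 and 5 make the data session work, as an added example that is not part of the original post: the script parses the server's 227 passive reply and reports whether the client's data connection will land on one of the forwarded local ports. It assumes the addresses and ports used in the steps above; the sample replies are constructed, and the forwards are printed in the `-L listen:host:port` form that OpenSSH's ssh and PuTTY's plink accept.

```python
import re

# Values taken from the steps above.
FTP_SERVER = "192.168.0.2"
CONTROL_PORT = 2021
PASSIVE_PORTS = range(2022, 2027)  # 2022-2026 inclusive

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def forward_args():
    """Return the -L arguments equivalent to the forwards in step 6."""
    ports = [CONTROL_PORT, *PASSIVE_PORTS]
    return [f"-L {p}:{FTP_SERVER}:{p}" for p in ports]


def parse_pasv(reply):
    """Parse a 227 reply into (host, port); port = p1 * 256 + p2 (RFC 959)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 passive reply: {reply!r}")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]


def data_path(reply):
    """Classify where the client's data connection will go for this reply."""
    host, port = parse_pasv(reply)
    if host != "127.0.0.1":
        # Step 4 missing: the client dials the advertised address itself.
        return f"outside tunnel: client dials {host}:{port} directly"
    if port not in PASSIVE_PORTS:
        # Step 5 missing: the server picked a port with no forward.
        return f"not forwarded: no local forward for port {port}"
    return f"tunnelled: localhost:{port} -> {FTP_SERVER}:{port}"


if __name__ == "__main__":
    print(" ".join(forward_args()))
    # Constructed sample replies, not captured from a real server.
    for sample in (
        "227 Entering Passive Mode (127,0,0,1,7,230)",    # port 2022
        "227 Entering Passive Mode (192,168,0,2,7,230)",  # step 4 not applied
        "227 Entering Passive Mode (127,0,0,1,19,137)",   # port 5001, step 5 not applied
    ):
        print(sample, "=>", data_path(sample))
```

A reply classified as "outside tunnel" means the data channel would bypass SSH even though the control channel is encrypted.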