The Tunnels panel allows you to configure tunnelling of other connection types through an SSH connection.
If your server lets you run X Window System applications, X11 forwarding allows you to securely give those applications access to a local X display on your PC.
This feature will only be useful if you have an X server on your PC, such as Exceed or XWin32.
To enable X11 forwarding, check the "Enable X11 forwarding" box. If your X display is not the primary display on your local machine (which it almost certainly will be unless you have deliberately arranged otherwise), you need to enter its location in the "X display location" box.
Port forwarding allows you to tunnel other types of network connection down an SSH connection.
To set up a local port forwarding, make sure the "Local" radio button is set. Then enter a local port number (on your PC) in the "Source port" box, and a hostname and port number (separated by a colon) in the "Destination" box, and finally press the "Add" button. For example, you might select a source port of 10079, and a destination of server2.example.com:79.
If you do this, and then start the session, you should find that connecting to your local PC on port 10079 gives you a connection to port 79 (the finger server) on server2.example.com. The connection is actually going to PuTTY itself, which encrypts the connection data and sends it down the secure channel to the SSH server. The connection then proceeds in clear from there to the eventual destination. So you might use this (for example) to forward a connection between two non-hostile network zones that are only connected by a hostile zone such as the open Internet.
You can forward ports on the SSH server machine in the other direction, too (so the connection will start at the server end and be sent down the secure connection to PuTTY, which will make the real connection to the destination). To work this way round, just click the "Remote" radio button instead of "Local".