How it works...

What we actually do here is... odd:

1. We SSH to centos2, while saying that any connection attempts made to port 5353 on the remote machine (centos2) are to be passed back over the SSH session to our client (centos1).
2. We then run SSH on our remote machine (centos2), specifying the localhost address and the port that we're passing back to centos1, 127.0.0.1:5353.

1. The connection attempt is passed back over our established SSH session to centos1, where the SSH server accepts the connection request.
2. As a result, we're locally SSH'ing to centos1 by specifying the local address and remote forwarded port on centos2.

Confused? I was the first time someone explained this to me.

To better understand this, we can use the w command.

On centos1, this gives us the following:

[vagrant@centos1 ~]$ w
 12:47:50 up  2:10,  2 users,  load average: 0.00, 0.02, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
vagrant  pts/0    10.0.2.2         10:38    6.00s  1.07s  0.08s ssh -R 5353:127.0.0.1:22 192.168.33.
vagrant  pts/1    127.0.0.1        12:44    6.00s  0.07s  0.05s w

Here, we can see our default Vagrant connection (from 10.0.2.2), but we can also see a local connection.

Apparently, we've SSH'd to our machine from the localhost address (127.0.0.1). This is actually the SSH session we established on centos2 using the following command:

[vagrant@centos2 ~]$ ssh 127.0.0.1 -p5353

On centos2, the w command gives us the following:

[vagrant@centos2 ~]$ w
 12:48:08 up  2:09,  2 users,  load average: 0.00, 0.01, 0.05
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
vagrant  pts/0    10.0.2.2         10:43    0.00s  0.92s  0.04s w
vagrant  pts/1    192.168.33.10    12:44   24.00s  0.07s  0.04s ssh 127.0.0.1 -p5353

Here, we can see our default Vagrant connection (from 10.0.2.2), but we can also see the remote connection from centos1 (192.168.33.10).