HTTP proxies might also be an alternative.
While we currently leans towards HTTP proxies, there are arguments for SOCKS as well. For example, ssh actually has built-in socks server support. There's also some discussions on the VNC list about adding SOCKS support to TigerVNC.
OpenSSH does support SOCKS proxies nowadays. See for instance http://www.debian-administration.org/articles/449
See also: bug 3003.
There are two main ways of doing this, either by having some ThinLinc specific gateway (like Microsoft and Citrix does things), or by having a more standardised reverse proxy (using something like bug 500). The problem with the second approach is how to configure clients. Manually pushing configuration to all clients doesn't really scale well. And you don't want to force users to reconfigure their proxy settings when switching servers. One idea on how to deploy this is TXT records. Look at DNS-SD for an example of how they can be used to effectively convey out of band details. The big question is how feasible it is for administrators to configure their DNS zones in this way.
https://community.thinlinc.com/t/jumphost-support/275
https://community.thinlinc.com/t/another-tunneling-question/402/3
*** Bug 4358 has been marked as a duplicate of this bug. ***