Well, NFSv4 now combines features into single RPC, so you only need one port.
With older NFS versions, you needed another tunnel to make it really work. I never got it to work with older versions (which is not to say it's impossible).
But, with NFSv4 you just need one, something like:
% ssh -2 -f -N -L 3049:127.0.0.1:2049 bbzz@a.b.c.d
Now I could mount the package directory of my building server with say:
# mount -o nfsv4 -o port=3049 localhost:/usr/ports/packages /mnt
Couple of nice things, first, since the user created the tunnel this could ease some administration which now doesn't need direct root (obvious, but nice).
Also, since ssh initiates its own connection sourced from a tunnel endpoint, server security can be tightened even more to accept connections from say, only 127.0.0.1.