In order for the tunnel setup to succeed you must be allowed to connect via ssh as "-p $XXXX $user@$IP", just as if you had attempted to use ssh to set up a terminal session.
Also, make sure that you local port is not a Priv'd port (<1024) as only root can do those. The tendency of you to try $YYYY being 3128 would be an obvious choice, nope, use something else. It is common for ssh to lose track if both ends are the same port. Making it 13128, would be better.
And check to see what the other end reported in the logs to see what failed, as there WILL be something in either syslog or messages or secure or all three.
Make sure you haven't disallowed port forwarding on the remote end.
with -L sometimes you need to specify the acutal address of the local interface, not always, depends on something. In any case use
ssh -p $XXXX -L 127.0.0.1:$YYYY:$IP:3128 $user@$IP
Also, one thing to check, can you do X forwarding from the remote machine period? (ssh -X $user@$IP) then run something like xterm or a applet or something.
And -R is the wrong way for port forwarding. That gets the remote side to channel traffic to the port on the remote side to the local machine. Won't work unless you are tryin to get some at work working from a machine at home. So, if you were running a DB locally you'd like the remote machine to connect to it... etc.