So $_SERVER['HTTP_X_FORWARDED_FOR'] contains the IP address that should be logged? I think you just need to change Logged IP address source to "HTTP_X_FORWARDED_FOR, REMOTE_ADDR" in Moodle. Thus if HTTP_X_FORWARDED_FOR is present then this is the IP address that's logged. If it's not present then REMOTE_ADDR is logged.
I don't think you need mod_remoteip, this just tells Apache to substitute REMOTE_ADDR with whichever field you've specifed in RemoteIPHeader. You would use this only if you had a website (i.e. not Moodle) that did not read HTTP_X_FORWARDED_FOR.