I just checked on my system about just standard port redirection using zentyal.
I have some services ..... transmission-daemon ..... That run on a port other than 80 or 43. I use zentyal redirect to redirect any connection on ports 10000 and 10003 over to my virtual server running transmission-daemon.
I checked the logs of the server and the remote IP addresses of the hosts sending information to transmission can be seen. So in my setup simple zentyal port redirection is not masking the original host IP.
On the same server if I check port 80 and 443 I only see the IP address of the zentyal gateway 192.168.0.1
For me Nginx is my reverse proxy serving content on those ports. I also have HTTP_X_FORWARDED_FOR in my configuration, but it is not working.... just as in your case.
When googling the issue I came accross this (I added the page address and some lines of text from the document):
http://www.ubuntugeek.com/using-nginx-as-a-reverse-proxy-to-get-the-most-out-of-your-vps.html-Lastly, if you don’t want all your apache logs to show 127.0.0.1 for who is accessing your files or your application uses -IP’s to track sessions you need to install libapache2-mod-rpaf. It is painless just issue the command below.
-sudo apt-get install libapache2-mod-rpaf
-reload or restart both Apache2 and Nginx.