You have to travel from the outside in. Or just use your Private IP (normally 192.168.1.xxx) from your your own network. But the end result will still be the same. REMOTE_ADDR contains the IP of the connecting client. But HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR DO NOT, they can contain bad things.
Logic without the fatal effects.
All code snippets are licensed under WTFPL.