diff --git a/irc/connection_limits/limiter.go b/irc/connection_limits/limiter.go
index 8ce15a39..f9f912cd 100644
--- a/irc/connection_limits/limiter.go
+++ b/irc/connection_limits/limiter.go
@@ -58,13 +58,8 @@ func (cl *Limiter) AddClient(addr net.IP, force bool) error {
 	cl.Lock()
 	defer cl.Unlock()
 
-	if !cl.enabled {
-		return nil
-	}
-
-	// check exempted lists
 	// we don't track populations for exempted addresses or nets - this is by design
-	if utils.IPInNets(addr, cl.exemptedNets) {
+	if !cl.enabled || utils.IPInNets(addr, cl.exemptedNets) {
 		return nil
 	}
 
@@ -85,7 +80,7 @@ func (cl *Limiter) RemoveClient(addr net.IP) {
 	cl.Lock()
 	defer cl.Unlock()
 
-	if !cl.enabled {
+	if !cl.enabled || utils.IPInNets(addr, cl.exemptedNets) {
 		return
 	}
 
diff --git a/irc/gateways.go b/irc/gateways.go
index 09a551ef..6b47d01d 100644
--- a/irc/gateways.go
+++ b/irc/gateways.go
@@ -63,6 +63,9 @@ func (client *Client) ApplyProxiedIP(session *Session, proxiedIP string, tls boo
 	if isBanned {
 		return errBanned, banMsg
 	}
+	// successfully added a limiter entry for the proxied IP;
+	// remove the entry for the real IP if applicable (#197)
+	client.server.connectionLimiter.RemoveClient(session.realIP)
 
 	// given IP is sane! override the client's current IP
 	ipstring := parsedProxiedIP.String()