Avoiding DNAT

[Woody]

Greetings..

Maybe I can get a second head on my little problem...

I have a webserver with an internal non-routable, private address. I have
one static class A that's currently my firewall.

I'm currently DNATing port 80 requests to the internal webserver. However,
I'm running Webalizer, and I still want to have website data from the
machines that visit, instead of the firewall IP being the only thing
that's showing up in my web server logs. 

Is there any way to avoid DNATing the packets so that I can retain the
original requestor's IP address?