If they are behind a proxy, there are several headers that could be present if the proxy isn't 'clean'
X-Forwarded-For
Client-ip
are two that are most frequent.
I think the first real geotargeting I saw was code I wrote in '94 to sell DSL to local businesses and advertise to surfers that were coming from competing ISPs. Then, Altavista was the next one I saw in '99 throwing South Florida advertisements on searches. I was very intrigued by that when Amazon and TV Guide started shortly after that. TV Guide knew where you were by a cookie set when you put in your local TV preferences. CNN collected the data for your zip code for the weather reports, etc.
http://www.maxmind.com/ is the source of the database that most people use. Its pretty easy to use, although, they have no concept of threaded programming so their mod_apache script is a bit useless when you're pushing a lot of traffic.