lextre at trelex dot co dot uk wrote:
> The WAN NIC has a static IP address assigned by my ISP and the LAN ip is
> 10.195.136.x.
>
> When I check using services such as whatismyip the public ip is always
> returned. I assumed (perhaps incorrectly) that by completely disabling NAT
> any outgoing connections from a workstation will use the internal ip
> address or am I misunderstanding something?

All 10.x.x.x network addresses are among a reserved group known as
private addresses. They cannot be used on the Internet as the routers
outside of your firewall are all programmed to drop them. Therefore,
your m0n0wall is still doing something to translate your local addresses
into addresses that can be routed. In addition, your ISP is probably
only providing you with a single IP address, not a block of addresses,
so you have no choice but to map the computers on your local network
into that one address. The two primary options for that are NAT and proxy.

One way to figure out which is being used is to open a console on your
workstation and run 'netstat -an' while you are browsing. Look at the
remote addresses for the connections on port 80. If they are the local
address for your m0n0wall, it is acting as a proxy firewall. If they are
the remote servers, it is still doing NAT.

If you actually want a block of public addresses for your local network,
you will need to talk to your ISP about their commercial options. But
even if you do pay for the additional addresses, they will still have to
assign them to you from their pool of available addresses. You can't
simply choose a set of addresses and expect them to fit into the
existing network. Now that all of the IPv4 addresses have been
allocated, there is no chance that you will be able to make that work.

Bob McConnell
N2SPP
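
The `netstat -an` check described in the reply above, as an added example that is not part of the original post: it reads captured netstat output and reports whether the port 80 connections terminate at the firewall (proxy) or at the remote servers (NAT). The firewall LAN address 10.195.136.1, the workstation address and the sample lines are constructed assumptions.

```python
import re

# IPv4 endpoint as netstat prints it: "a.b.c.d:port" (Windows, Linux)
# or "a.b.c.d.port" (BSD, macOS).
ENDPOINT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})[:.](\d+)\b")

def web_peers(netstat_output, port=80):
    """Return the remote IPs of TCP connections whose remote port is `port`."""
    peers = []
    for line in netstat_output.splitlines():
        if not line.strip().lower().startswith("tcp"):
            continue
        endpoints = ENDPOINT.findall(line)
        if len(endpoints) < 2:  # listening sockets show "*" as the peer
            continue
        remote_ip, remote_port = endpoints[1]
        if int(remote_port) == port:
            peers.append(remote_ip)
    return peers

def classify(netstat_output, firewall_lan_ip, port=80):
    """'proxy' if every peer is the firewall, 'nat' if none is."""
    peers = web_peers(netstat_output, port)
    if not peers:
        return "no-data"
    via_firewall = [p for p in peers if p == firewall_lan_ip]
    if len(via_firewall) == len(peers):
        return "proxy"
    return "nat" if not via_firewall else "mixed"

# Constructed sample output (Windows layout), not captured from a real host.
NAT_SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    10.195.136.20:51234    203.0.113.10:80        ESTABLISHED
  TCP    10.195.136.20:51240    198.51.100.7:80        TIME_WAIT
  TCP    10.195.136.20:51250    198.51.100.7:443       ESTABLISHED
"""
# Constructed sample output (Linux layout): every web peer is the firewall.
PROXY_SAMPLE = """\
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.195.136.20:40112     10.195.136.1:80         ESTABLISHED
tcp        0      0 10.195.136.20:40114     10.195.136.1:80         ESTABLISHED
"""

if __name__ == "__main__":
    for name, sample in (("NAT_SAMPLE", NAT_SAMPLE), ("PROXY_SAMPLE", PROXY_SAMPLE)):
        print(name, classify(sample, "10.195.136.1"))
```
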