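Actually you can use iptables to push packets from certain real servers out through specific IPs. Here is the ipvs_firewall startup script I wrote. This script also allows your real servers to connect to the outside world through the LVS server. This is a SuSE start script, so it will need to be modified a little to work with RedHat, etc. From: Brad Dameron Date: Fri, 19 May 2006 09:47:14 -0700

/etc/init.d/ipvs_firewall

#!/bin/bash
#
# This script will configure IPTables to allow real servers access to the outside world.
# It also allows real server outbound IP redirection.
#
# By Brad Dameron SeaTab Software Inc. - 02/05/2006
#
# NOTE(review): the original shebang was "#! /bin/sh". The script relies on
# bash-only features (the NAT_IP_FORWARD[...] array, "let"), so it only ever
# worked where /bin/sh is bash (as on SuSE). Declaring bash explicitly avoids
# a silent failure on systems where /bin/sh is dash or ash.
#
### BEGIN INIT INFO
# Provides: IPVS Firewall Rules
# Required-Start: $local_fs $network boot.localnet
# Required-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Description: Configure IPTables for NAT
### END INIT INFO

# Check for existence of needed config file and read it.
IPVS_FIREWALL_CONFIG=/etc/sysconfig/ipvs_firewall
test -r "$IPVS_FIREWALL_CONFIG" || {
  echo "$IPVS_FIREWALL_CONFIG not existing"
  # "stop" must succeed even when there is nothing configured (LSB); any other
  # action reports "program is not configured" (exit 6).
  if [ "$1" = "stop" ]; then exit 0; else exit 6; fi
}

#######################################
# SECURITY: the config file is sourced below, i.e. executed with the
# privileges of this script (root at boot). Anyone who can write it can run
# arbitrary commands as root. Refuse to source a file that is not owned by
# the invoking user or that is writable by group or other.
# Arguments: $1 - path to the config file
# Returns:   0 if the file is safe to source, 1 otherwise
#######################################
config_is_trusted() {
  # -O: owned by the effective user (root when run from init).
  [ -O "$1" ] || return 1
  # Mode string positions 6 and 9 are group-write and other-write.
  # -L follows a symlinked config so the target's mode is checked, not the link's.
  case "$(ls -ldL -- "$1")" in
    ?????w*|????????w*) return 1 ;;
  esac
  return 0
}

config_is_trusted "$IPVS_FIREWALL_CONFIG" || {
  echo "$IPVS_FIREWALL_CONFIG is not owned by the caller or is group/world writable; refusing to source it" >&2
  if [ "$1" = "stop" ]; then exit 0; else exit 6; fi
}

# Read config
. "$IPVS_FIREWALL_CONFIG"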
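. /etc/rc.status

#######################################
# Flush every rule and user-defined chain and put the built-in chains back
# to ACCEPT. Used by "start" (clean slate before loading) and by "stop".
# NOTE: while the rules are flushed (all of "stop", and the moment between
# this call and the rules being reloaded in "start") the director has no
# packet filtering at all, and ip_forward is never switched back off, so the
# box is an open router for that window.
# Globals: IPTABLES, GREP (read)
#######################################
flush_rules() {
  "$IPTABLES" -P INPUT ACCEPT
  "$IPTABLES" -F INPUT
  "$IPTABLES" -P OUTPUT ACCEPT
  "$IPTABLES" -F OUTPUT
  "$IPTABLES" -P FORWARD ACCEPT
  "$IPTABLES" -F FORWARD
  "$IPTABLES" -F -t nat
  # -n: list without reverse-DNS lookups; without it this can stall or hang
  # on a director whose resolver is unreachable while the firewall is half up.
  if "$IPTABLES" -L -n | "$GREP" -q drop-and-log-it; then
    "$IPTABLES" -F drop-and-log-it
  fi
  "$IPTABLES" -X
  "$IPTABLES" -Z
}

#######################################
# Load the FTP connection-tracking, NAT and IPVS helper modules. modprobe is
# idempotent, so the former lsmod|grep|awk check before each call is not
# needed. The module names are those of the 2.6 kernels this script was
# written for; newer kernels call them nf_conntrack_ftp / nf_nat_ftp.
# SECURITY: the FTP helper parses packet payloads and opens RELATED pinholes
# for data connections; only load it if FTP really passes through the director.
#######################################
load_modules() {
  echo " - Verifying that all kernel modules are ok"
  /sbin/depmod -a
  echo -en " Loading kernel modules: "
  echo -e "ip_conntrack_ftp, "
  /sbin/modprobe ip_conntrack_ftp
  echo -e "ip_nat_ftp"
  /sbin/modprobe ip_nat_ftp
  echo -e "ip_vs_ftp"
  /sbin/modprobe ip_vs_ftp
}

#######################################
# Per-real-server source NAT. Each NAT_IP_FORWARD entry has the form
# "internal_ip:external_ip"; traffic from internal_ip leaving EXTIF is SNATed
# to external_ip. Entries that are empty, lack the ':' separator, or still
# carry the 0.0.0.0 placeholder from the sample config are skipped with a
# warning instead of producing a bogus "--to-source 0.0.0.0" rule that would
# silently blackhole that server's traffic. Iterating over the array values
# (rather than indices 1..N as before) also tolerates sparse or unordered
# indices in the config file.
# Globals: NAT_IP_FORWARD, IPTABLES, EXTIF, EXTIP (read)
#######################################
load_nat_rules() {
  local entry nat_source to_source
  for entry in "${NAT_IP_FORWARD[@]}"; do
    [ -n "$entry" ] || continue
    case "$entry" in
      *:*) ;;
      *)
        echo " - NAT: ignoring malformed NAT_IP_FORWARD entry '$entry' (expected internal_ip:external_ip)" >&2
        continue
        ;;
    esac
    nat_source=${entry%%:*}
    to_source=${entry#*:}
    if [ -z "$nat_source" ] || [ -z "$to_source" ] || [ "$to_source" = "0.0.0.0" ]; then
      echo " - NAT: ignoring NAT_IP_FORWARD entry '$entry' (empty or placeholder address)" >&2
      continue
    fi
    echo " - NAT: Setting $nat_source to forward through IP $to_source"
    "$IPTABLES" -t nat -A POSTROUTING -s "$nat_source" -o "$EXTIF" -j SNAT --to-source "$to_source"
  done
  #
  # Add in all others to go to primary IP. Note this rule has no -s match, so
  # it also rewrites any locally generated packet leaving EXTIF whose source
  # is not already EXTIP; add "-s $INTNET" if only real-server traffic should
  # be translated.
  #
  "$IPTABLES" -t nat -A POSTROUTING -o "$EXTIF" -j SNAT --to-source "$EXTIP"
}

# Reset status of this service
rc_reset
case "$1" in
  start)
    echo " "
    echo "Starting IPVS Firewall Rules "
    echo "Turning on forwarding"
    # Required for the real servers' outbound NAT. "stop" never turns it off.
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo " External Interface: $EXTIF"
    echo " Internal Interface: $INTIF"
    echo " "
    echo " External Network: $EXTNET"
    echo " External IP Range: $EXTIPRANGE"
    echo " External IP: $EXTIP"
    echo " "
    echo " Internal Network: $INTNET"
    echo " Internal IP: $INTIP"
    echo " "
    load_modules
    echo " "
    # The previous message claimed the default policy was set to DROP; the
    # script has always left the built-in chains at ACCEPT (see flush_rules).
    echo " Clearing any existing rules (built-in chain policies remain ACCEPT).."
    flush_rules
    echo " Creating a DROP chain.."
    # Despite its name the chain REJECTs (ICMP port-unreachable / TCP RST),
    # which tells a scanner that the port is filtered; change REJECT to DROP
    # for a silent discard. The LOG rule is rate-limited so that a packet
    # flood at a blacklisted port cannot fill the system log, and prefixed so
    # the entries are easy to pick out in a SIEM.
    "$IPTABLES" -N drop-and-log-it
    "$IPTABLES" -A drop-and-log-it -m limit --limit 5/min --limit-burst 10 -j LOG --log-level info --log-prefix "ipvs_firewall: "
    "$IPTABLES" -A drop-and-log-it -j REJECT
    echo -e "\n - Loading INPUT rulesets"
    # SECURITY: the INPUT policy is ACCEPT and there is no catch-all reject at
    # the end of the chain, so this is a BLACKLIST firewall: every port not in
    # TCP_DROP_PORTS / UDP_DROP_PORTS is reachable from EXTIF. For default-deny,
    # add "-m state --state ESTABLISHED,RELATED -j ACCEPT", explicit ACCEPTs
    # for the services the director must expose (e.g. SSH from management
    # addresses), and a final "-A INPUT -i $EXTIF -j drop-and-log-it".
    # Anti-spoofing: internal addresses must never arrive on the external side.
    "$IPTABLES" -A INPUT -i "$EXTIF" -s "$INTNET" -d "$UNIVERSE" -j drop-and-log-it
    # Accepts every ICMP type; redundant while the policy is ACCEPT, and worth
    # narrowing (echo-request, fragmentation-needed, ...) once it is not.
    "$IPTABLES" -A INPUT -i "$EXTIF" -p ICMP -s "$UNIVERSE" -d "$EXTNET" -j ACCEPT
    # The port lists are intentionally unquoted: they are space-separated lists.
    for d in $TCP_DROP_PORTS; do
      "$IPTABLES" -A INPUT -i "$EXTIF" -p tcp -d "$UNIVERSE" --dport "$d" -j drop-and-log-it
    done
    for d in $UDP_DROP_PORTS; do
      "$IPTABLES" -A INPUT -i "$EXTIF" -p udp -d "$UNIVERSE" --dport "$d" -j drop-and-log-it
    done
    echo -e " - Loading OUTPUT rulesets"
    # Never leak internal-network traffic out of the external interface.
    "$IPTABLES" -A OUTPUT -o "$EXTIF" -s "$UNIVERSE" -d "$INTNET" -j drop-and-log-it
    # rwho broadcasts (udp/513) stay inside.
    "$IPTABLES" -A OUTPUT -o "$EXTIF" -p udp -d "$EXTBROADCAST" --dport 513 -j DROP
    echo -e " - Loading FORWARD rulesets"
    echo " - FWD: Allow all connections OUT and only existing/related IN"
    # Unlike INPUT, FORWARD ends in a catch-all reject, so it is default-deny.
    "$IPTABLES" -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPTABLES" -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
    "$IPTABLES" -A FORWARD -i lo -o "$EXTIF" -j ACCEPT
    "$IPTABLES" -A FORWARD -j drop-and-log-it
    echo " - NAT: Enabling SNAT (MASQUERADE) functionality on $EXTIF"
    load_nat_rules
    echo " "
    echo -n "Finalizing load "
    # Remember status and be verbose
    rc_status -v
    ;;
  stop)
    echo -n "Clearing IPVS Firewall Rules"
    flush_rules
    # Remember status and be verbose
    rc_status -v
    ;;
  try-restart|condrestart)
    ## Do a restart only if the service was active before.
    ## Note: try-restart is now part of LSB (as of 1.9).
    ## RH has a similar command named condrestart.
    if test "$1" = "condrestart"; then
      echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
    fi
    $0 status
    if test $? = 0; then
      $0 restart
    else
      rc_reset # Not running is not a failure.
    fi
    # Remember status and be quiet
    rc_status
    ;;
  restart)
    ## Stop the service and regardless of whether it was
    ## running or not, start it again.
    $0 stop
    $0 start
    # Remember status and be quiet
    rc_status
    ;;
  status)
    echo " "
    echo "Displaying IPVS Firewall Rules"
    echo " "
    # -n: no reverse-DNS lookups (untrusted, slow, can hang the listing).
    # -v: show the -i/-o interface matches, which plain -L hides and which are
    #     what most of these rules hinge on.
    "$IPTABLES" -L -n -v
    "$IPTABLES" -L -n -v -t nat
    echo " "
    # Exit 3 ("program is not running", LSB) when our chain is absent so that
    # try-restart only restarts a firewall that was actually loaded; before,
    # status always exited 0 and try-restart restarted unconditionally.
    "$IPTABLES" -L -n | "$GREP" -q drop-and-log-it || exit 3
    ;;
  *)
    echo "Usage: $0 {start|stop|status|try-restart|restart}"
    exit 1
    ;;
esac
rc_exit
-------------------------------------------------------------------------
/etc/sysconfig/ipvs_firewall
#
# Application paths
#
IPTABLES=/usr/sbin/iptables
LSMOD=/sbin/lsmod
GREP=/usr/bin/grep
AWK=/usr/bin/awk
CUT=/usr/bin/cut
#
#
# Interface information - External and Internal Interfaces. A trailing "+"
# is an iptables wildcard: "eth0+" matches every interface whose name starts
# with eth0 (eth0, eth0:1, but also eth01), so keep the prefixes unambiguous.
#
EXTIF="eth0+"
INTIF="eth1+"
#
# External IP info - Enter primary external IP.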
# RANGE is of format - Lowest external IP - Highest external IP
# EXTIP is the address all non-listed internal traffic is SNATed to; EXTNET is
# the only destination the external-side ICMP accept rule matches.
# EXTIPRANGE is printed at startup for information only; no rule uses it.
# The 0.0.0.0 values are placeholders and must be replaced before use.
#
EXTIP="0.0.0.0"
EXTIPRANGE="0.0.0.0-0.0.0.0"
EXTNET="0.0.0.0/255.255.255.0"
EXTBROADCAST="0.0.0.0"
#
# Internal IP info - INTNET feeds the anti-spoofing rules on both INPUT and
# OUTPUT; INTIP is printed at startup only.
#
INTNET="192.168.1.0/24"
INTIP="192.168.1.1/24"
#
# Unallowed ports - Block these ports from everywhere.
# This is a blacklist: any external-side port NOT listed here is still reachable,
# because the INPUT chain's policy is left at ACCEPT by the init script.
#
TCP_DROP_PORTS="23 25 37 123 111 512 513 514 2583 79"
UDP_DROP_PORTS="37 111 123 512 513 911 2049 4045 2583"
#
# Global Internet IP/Netmask
UNIVERSE="0.0.0.0/0"
#
#
# Internal NAT IP redirect - Format is internal_ip:external_ip (the part
# before ':' is the SNAT source match, the part after it is --to-source).
# Indices start at 1; unused slots are left empty. Replace the 0.0.0.0
# placeholders with real external addresses.
#
NAT_IP_FORWARD[1]="192.168.1.71:0.0.0.0"
NAT_IP_FORWARD[2]="192.168.1.100:0.0.0.0"
NAT_IP_FORWARD[3]="192.168.1.120:0.0.0.0"
NAT_IP_FORWARD[4]="192.168.1.154:0.0.0.0"
NAT_IP_FORWARD[5]="192.168.1.140:0.0.0.0"
NAT_IP_FORWARD[6]=""
NAT_IP_FORWARD[7]=""
NAT_IP_FORWARD[8]=""
NAT_IP_FORWARD[9]=""
NAT_IP_FORWARD[10]=""