What'd be preferable to both of those, but even harder to implement, would be to route that traffic (or even all traffic) through a transparent proxy with an IP outside the /16.
It actually wouldn't be that hard. If I could find somebody that'd setup the other side for me, I could configure my server to send those requests out a virtual interface (GRE, IPSEC, etc.) so it could emerge somewhere else.
I like being able to run an exit node, and I'm effective at dealing with external complaints. I just can't have the library folks whining about somebody stealing journal articles (note .. this has only happened once in ~6mos, but it's a concern nonetheless).
~Mike.