I don't know that you can do this. In my WireShark testing, RDP session initiation starts with a TPDU packet (which may or may not contain the mstshash cookie), and the server name doesn't show up until the next continuation packet. I think you'd necessarily need to get the server name in the first packet to be able to direct the traffic. Not saying it's impossible, just highly unintuitive.
One other possible approach would be to use the RDP client functionality in APM. It solves your original requirement of using a single IP address for all RDP traffic, plus can provide single sign-on, links to RDP resources (potentially based on rights), links to other resources (Citrix, View, web, etc.), session tracking and management, and is pretty darn easy to configure and use. Just a thought.