For your budget, you’re best off building a custom BSD or Linux platform firewall. The cheapest Sonicwall appliance that would work would be about $1200 for the Sonicwall 1260.
I’m not sure why you say that you cannot nat 3 subnets into one address. Cisco routers can run DHCP, but, if you’re running a Windows domain, you should service DHCP from the domain.
Most organizations would set up the network similar to the following diagram:
Your web server would be in the DMZ, directly off of either a screened subnet (2 firewalls with a DMZ in the middle) or directly off an interface in the firewall. That could be NATted if you wanted it to be. Your internal network would connect to another interface on the firewall or to the second firewall's inside interface. There, in the inside network, would be your three subnets with computers connected to them. You would then have the option of natting each subnet to a different range or different IP on the outside of the firewall, or you could nat everything to the same range or IP on the outside. You would also do your natting on the firewall itself, not the router. If you nat on the router, everything will be converted to the inside address of the router and logged as such, bringing up the problem you presented.
Hope this helps,
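
The layout described in this answer, sketched as an nftables ruleset for a Linux firewall with three interfaces. This is an added example, not part of the original post. The interface names, the internal subnets, the DMZ address and the outside addresses (taken from the 203.0.113.0/24 documentation range) are all assumptions, as is an internal router that forwards the three subnets to the firewall without translating them.

```nftables
#!/usr/sbin/nft -f
# Assumed topology: eth0 = outside, eth1 = DMZ, eth2 = inside.
# The firewall needs routes to 10.0.1.0/24, 10.0.2.0/24 and 10.0.3.0/24
# via the internal router, which must NOT nat.
flush ruleset

define wan_if = "eth0"
define dmz_if = "eth1"
define lan_if = "eth2"
define web_srv = 192.168.100.10    # constructed DMZ web server address

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        # Publish the DMZ web server on one outside address.
        iifname $wan_if ip daddr 203.0.113.10 tcp dport { 80, 443 } dnat to $web_srv
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # One outside address per inside subnet, so upstream logs can
        # still tell the subnets apart. Pointing all three rules at the
        # same address gives the "nat everything to one IP" variant.
        oifname $wan_if ip saddr 10.0.1.0/24 snat to 203.0.113.11
        oifname $wan_if ip saddr 10.0.2.0/24 snat to 203.0.113.12
        oifname $wan_if ip saddr 10.0.3.0/24 snat to 203.0.113.13
    }
}

table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # The forward hook runs before postrouting, so these log lines
        # carry the real inside source address, not the translated one.
        iifname $lan_if oifname $wan_if ct state new log prefix "lan-out: " accept
        iifname $lan_if oifname $dmz_if ip daddr $web_srv tcp dport { 80, 443 } accept
        iifname $wan_if oifname $dmz_if ip daddr $web_srv tcp dport { 80, 443 } ct state new log prefix "web-in: " accept
        # No rule lets the DMZ open connections to the inside network.
    }
}
```

Because translation happens only in the firewall's postrouting chain, the firewall log keeps each workstation's own address; the same rules behind a router that already translated the subnets would log only the router's inside address.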