How to setup DMZ with Airport behind a router (double NAT issue)


My cable provider shipped a new modem which includes WLAN, and thus also a router. It hands out 192.168.0.X addresses via DHCP.

My Airport's WAN side is connected to this router, and gets an address out of the above range. The ISP's router has no address reservation facility, so the address that the Airport gets can vary.

The Airport is configured to hand out 192.168.243.X addresses via its own DHCP server. As expected it complains about "double NAT". For the moment I have fixed the issue by disabling the ISP's router and WLAN completely (bridge mode).

However, I'd actually like to use the feature. My desired setup would be:

  • ISP's Router
  • Airport, using e.g. 192.168.0.10
  • Web Server, opening port 80, using e.g. 192.168.0.20. The ISP's router supports port forwarding, so I can do this.

On the Airport's LAN side, I'd like to span an independent 192.168.243.x subnet, that cannot be reached from the web server. In a way, the web server would be in a "DMZ", isolated from the rest of my home network.

The problem is: The Airport doesn't let me do this! When I connect any device to the LAN side of the Airport, I get a 192.168.0.x address from the ISP's router, and not a 192.168.243.x address from the Airport. The Airport acts like it is in bridge mode, even though it isn't.

How can I set this up the way I want to?

Best Answer

Out of the box, the Airport (and Apple's Time Capsule) insist that there not be two NAT/DHCP devices chained in a row. You're trying to do this, one being your broadband router, and the other your Airport. In this situation, the Airport will insist on being in bridging mode and letting the broadband router be the DHCP server.

The Airport detects this situation by looking at the IP address it gets. If it is one in a number of known ranges like 192.168.x.x, 172.x.x.x, or 10.x.x.x, it will balk.

So the way you get around this is by having your broadband router give out addresses in a range that's safe but not known as a "private" address range. I found an article [1] recommending a block of addresses designated for "testing" purposes in the Amateur Packet Radio network (AMPRNet). The range is 44.128.x.x. I set up my broadband router to use that range, and my Time Capsule is happy to provide NAT as well. Problem solved.

[1] http://www.wa4dsy.com/robot/ooma-airport-hack
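The detection rule the answer describes, modelled as a small checker so the two layouts (ISP router on 192.168.0.0/24 versus on 44.128.0.0/16) can be compared side by side. This is an added example, not code from the question, the answer, or Apple; it assumes the rule is simply "a WAN address inside an RFC 1918 block means bridge mode", uses the exact RFC 1918 boundaries (so 172.16.0.0/12, not every 172.x.x.x address), and adds two checks a practitioner would want before adopting the workaround: whether the Airport's LAN subnet overlaps the upstream subnet, and whether the upstream range is actually reserved for private use.

```python
"""Predict AirPort bridge-vs-NAT behaviour from its WAN address (illustrative).

Models the rule given in the answer: a WAN address from a private range makes
the AirPort fall back to bridge mode. Example code, not Apple's implementation.
"""
from ipaddress import ip_address, ip_network

# RFC 1918 private blocks. The answer says "172.x.x.x", but only 172.16/12 is private.
RFC1918 = (
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
)


def is_rfc1918(addr: str) -> bool:
    """True if addr lies inside one of the RFC 1918 private blocks."""
    ip = ip_address(addr)
    return any(ip in net for net in RFC1918)


def plan_airport(wan_ip: str, wan_subnet: str, lan_subnet: str) -> dict:
    """Predict the AirPort's mode for an upstream layout and list concerns.

    wan_ip:     address the AirPort receives on its WAN port from the ISP router
    wan_subnet: the ISP router's LAN, i.e. the "DMZ" where the web server lives
    lan_subnet: the subnet the AirPort is meant to hand out on its own LAN side
    """
    wan = ip_network(wan_subnet, strict=False)
    lan = ip_network(lan_subnet, strict=False)
    warnings = []

    if ip_address(wan_ip) not in wan:
        warnings.append(f"WAN address {wan_ip} is not inside {wan}")

    # Assumed detection rule from the answer: private WAN address -> bridge mode.
    mode = "bridge" if is_rfc1918(wan_ip) else "nat"

    # A WAN range outside RFC 1918 avoids the bridge fallback, but the home
    # network then holds a route for address space that belongs to someone else,
    # so any real Internet hosts in that block become unreachable from inside.
    if mode == "nat":
        warnings.append(
            f"{wan} is not a reserved private block; the local route shadows "
            "any Internet hosts in that range"
        )

    # NAT only isolates the inner LAN if the two subnets do not overlap.
    if wan.overlaps(lan):
        warnings.append(f"LAN subnet {lan} overlaps WAN subnet {wan}; routing is ambiguous")

    return {"mode": mode, "wan": str(wan), "lan": str(lan), "warnings": warnings}


if __name__ == "__main__":
    # Constructed scenarios: the asker's original layout and the answer's workaround.
    for wan_ip, wan_net in (("192.168.0.10", "192.168.0.0/24"), ("44.128.0.10", "44.128.0.0/16")):
        result = plan_airport(wan_ip, wan_net, "192.168.243.0/24")
        print(f"WAN {wan_ip} in {wan_net}: mode={result['mode']}")
        for w in result["warnings"]:
            print("  warning:", w)
```

With the asker's layout (`192.168.0.10` on `192.168.0.0/24`) the checker returns `bridge`, which matches the behaviour the question describes; with the answer's `44.128.0.0/16` it returns `nat` but also reports that the range is not reserved private space.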