I've been doing my homework and I'm going to answer my own question.
The key seems to be separating my network infrastructure into separate pieces: a router/firewall to connect to my cable modem, a gigabit switch to drive my wired home network, and wireless access points off the gigabit switch for the wireless access on my network.
In doing my research I think my DIR-655 is falling down because of the wireless -- that seems to be the high-demand piece of what it's doing. The gateway/NAT duties, DHCP and DNS stuff it's doing seem reasonably undemanding. If I can switch off the wireless radio on it, it should be stable. It seems like it's a rare thing in the SoHo space to find a firewall/router box with 4 GBit ports on it like the DIR-655 has. I'll try and make it last a little longer because of that.
So the next step is to get a gigabit switch. Something with ~24 ports and with at least a few of the ports offering power-over-ethernet. I'll wire as much of the house as I possibly can. Which, when I look at it, is a pretty decent amount of stuff that's using the network. Except for the phones and the laptops, everything else could get wired without too much difficulty.
Shortly thereafter I plan to buy a high power, dual-band wireless access point that can be powered over ethernet. The PoE is key because it'll let me situate the one wireless access point under my stairs between my first and second floors, where running standard power would be difficult, which is the optimal place for whole-house wireless coverage. This gets the WAP above ground (my DIR-655 is in my basement, along a concrete wall, hence the zero coverage outside my house) so I should be able to enjoy a little signal at the front and back of my house.
The DIR-655 can remain, serving as the DHCP and the gateway/firewall/NAT box to my cable modem. Though I may look to replace it with a consumer-grade router I can run Tomato on as this would give me the multiple-machines-in-the-DMZ feature I'm after, so I could hang both my Vonage modem and my XBox in the DMZ, in front of any firewalls.
Ultimately something like a UTM should replace the consumer-grade router. If not for the security, then for the VPN pass-through capabilities that would allow me to get at my home machines from my laptop when travelling. But that's out of my budget right now and can wait.
Best Answer
Perhaps look into pfSense, m0n0wall, Smoothwall or Untangle - they are small router operating systems that run on regular (old/slow) PC hardware.
Any of these will handle a lot of connections, and can do pretty much anything you could wish from such a system (multi-connections with failover, QoS, intrusion detection, host/connection to VPNs, etc.).