The way in which you've set up the NAT is not the way I'd do WoL. But nothing says you have to do it the way I would.
My way is to create a static DCHP entry as follows, with ARP Table Static Entry.
Then NAT specific source hosts with destination port 9 to redirect target IP Broadcast Agent port 9, with Filter rule association set.
My WoL NAT Config:
Source: (WoL Magic Packet Senders)
Source port range: any
Destination: WAN Address
Destination port range: 9
Redirect target ip: 192.168.1.254
Redirect target port: 9
Description: Broadcast (WoL Magic Packet)
NAT reflection: Use system default
Filter rule association: Rule NAT Broadcast (WoL Magic Packet)
From the WoL service being used send WoL request to the public IP (WAN address), and specify the MAC of the machine to be woken up.
pfSense NAT's it to 192.168.1.254. And because 192.168.1.254 has all F's MAC address this is a broadcast. Which is the way WoL magic packets are intended to be transmitted (as a broadcast). So all machines in the broadcast domain will see the WoL packet but only the one with the MAC address being targeted by the WoL packet will accept the WoL packet and wake up.
This way each machine does not require it's own dedicated WoL NAT and the WoL config can be used to wake any WoL enabled machine within the broadcast domain.
Of course any destination port can be used other than 9, so long as the WoL packet sending service being used allows it to be set.