Can I use 1:1 NAT on my WAN IP?

From PFSenseDocs

No, you cannot use 1:1 NAT on your WAN IP. You must use Virtual IPs for 1:1 NAT mappings. If you try to add a 1:1 NAT Mapping to your WAN IP, the WebGUI will reject the change as invalid.

If you only have one WAN IP, and are trying to implement a Linksys (or other SOHO router) style "DMZ"¹ port, you should instead forward only the ranges of ports you will need, and use appropriate firewall rules to protect access to these ports.

1: And I use that term very, very loosely. See the Wikipedia Definition of DMZ for more information.