Packets from client to internal (web)server are NAT-ted:
These packets start having your public WAN IP as destination. NAT on the ER translates destination IP into the local IP of your webserver.
Return packets also need the same NAT translation. Without this "return-NAT" step, these packets would have the LAN IP of your webserver as source, whereas your internal client is waiting for a response sourced from your "WAN_IP."
The extra masquerade on LAN interface tricks the webserver in sending its response back to ER, so ER can also perform NAT on return packets.