I have a mikrotik 850g and I want to allow incoming requests over IPsec VPN. I want to join a computer onto the domain over the vpn but I need our mikrotik router to allow incoming request for DNS and AD. I believe for this to happen I need to allow the following ports

SMB over IP (Microsoft-DS): port 445 TCP, UDP.
Kerberos: port 88 TCP, UDP.
LDAP: port 389 UDP.
DNS: port 53 TCP, UDP.

but how? Can someone guide me thorough this. Is it a firewall rule? Im using winbox