It appears that you have not told your shorewall which ports to open.
It is not sufficient to just say "tcp" in the line for your rule, you must also state what port to allow traffic on in the given protocol (tcp=transmission control protocol).
I found this, you can try and see:
1433/tcp ms-sql-s Microsoft-SQL-Server
1433/udp ms-sql-s Microsoft-SQL-Server
1434/tcp ms-sql-m Microsoft-SQL-Monitor
1434/udp ms-sql-m Microsoft-SQL-Monitor
Your rules line would be like:
ACCEPT fac:192.168.4.45 admin:192.168.3.3 tcp:1433
ACCEPT fac:192.168.4.45 admin:192.168.3.3 udp:1433
Maybe it has to go both ways, i dont know.
Remember to read the logs with "shorewall show log" og just read /var/log/messages manually when it does not work
Webmin can be installed on your ubuntu box, and it has a very good, tutoring interface to administer shorewall. I use it myself on a daily basis- give that a try as it makes many of these things clearer if you do not have an internet-map in the head