This is most likely a noob question and for that my apologies. If it is better served in /r/linuxquestions I'll repost it over there.
I'm trying to configure an Ubuntu server to act as a NAT router that forwards requests between segregated subnets and the internet.
On the Ubuntu box the setup I was going for was to have one interface host the external static IP and then multiple interfaces to subnets (10.0.0.0/24, 10.0.7.0/24, 10.0.10.0/24 and 10.0.13.0/24) and have the machines in a given subnet be able to talk to each other and get out to the internet but not be able to talk to other subnets.
i.e., if a machine is in the 10.0.0.0/24 subnet it is unable to talk to a machine in the 10.0.7.0/24 subnet yet is still able to communicate with the internet and support having webservers in these subnets accessible from the internet in the future. The reason I want to do this is to create a lab environment with Exchange 2007, 2010 and 2013 environments and keep them separate from each other. Oh, and the Ubuntu box and the future Exchange environments are all hosted on a single ESXi server with shared storage.
Here's the contents of my /etc/network/interfaces file (external IPs obscured for privacy):
```
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address X.X.X.X
    netmask 255.255.255.255
    broadcast X.X.X.X
    post-up route add Y.Y.Y.Y dev eth0
    post-up route add default gw Y.Y.Y.Y
    dns-nameservers 8.8.8.8 8.8.4.4
    dns-search example.com

auto eth1
iface eth1 inet static
    address 10.0.0.254
    netmask 255.255.255.0

auto eth2
iface eth2 inet static
    address 10.0.7.254
    netmask 255.255.255.0

auto eth3
iface eth3 inet static
    address 10.0.10.254
    netmask 255.255.255.0

auto eth4
iface eth4 inet static
    address 10.0.13.254
    netmask 255.255.255.0
```
Here is the routing table (external IP obscured for privacy):
Destination | Gateway | Genmask | Interface |
---|---|---|---|
default | X.X.X.X | 0.0.0.0 | eth0 |
10.0.0.0 | * | 255.255.255.0 | eth1 |
10.0.7.0 | * | 255.255.255.0 | eth2 |
10.0.10.0 | * | 255.255.255.0 | eth3 |
10.0.13.0 | * | 255.255.255.0 | eth4 |
link-local | * | 255.255.0.0 | eth3 |
X.X.X.X | * | 255.255.255.255 | eth0 |
I've scoured the net and a few places seem to indicate it's an issue with a lack of firewall rules (currently no firewall running), though I'm thinking it's something to do with routing?
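The layout described in the post, as an added example that is not part of the original post: a script that prints an `iptables-restore` ruleset which NATs the four lab subnets out through `eth0` and, with a default-deny `FORWARD` policy, leaves no path between the lab interfaces. The interface names come from the post; the choice of iptables and the helper name `gen_rules` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Interface names follow the
# post's /etc/network/interfaces; gen_rules is a hypothetical helper.
WAN_IF="eth0"
LAN_IFS="eth1 eth2 eth3 eth4"

# Usage: gen_rules <wan-if> <lan-if>...
# Prints rules in iptables-restore format; it does not touch the system.
gen_rules() {
    wan="$1"; shift
    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    # Source-NAT everything that leaves through the WAN interface.
    echo "-A POSTROUTING -o $wan -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    # Default-deny forwarding: lab-to-lab packets match no ACCEPT rule below.
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Let replies to connections opened by lab hosts back in from the WAN.
    echo "-A FORWARD -i $wan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for lan in "$@"; do
        # Each lab interface may only be forwarded out to the WAN side.
        echo "-A FORWARD -i $lan -o $wan -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset for review. To apply it as root:
#   sysctl -w net.ipv4.ip_forward=1
#   sh this-script.sh | iptables-restore
gen_rules "$WAN_IF" $LAN_IFS
```

The `INPUT` policy is left at `ACCEPT` here, so the router's own addresses remain reachable from every subnet; only traffic forwarded between subnets is blocked.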