To give all internal networks internet access, you'll have to masquerade all packets going out the external interface:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
To allow the various networks to connect to each other, you'll have to allow forwarding of packets from one internal NIC to the other. So to allow network 1 to "talk" to network 2:
iptables -A FORWARD -i eth1 -o eth2 -d 10.2.0.0/16 -j ACCEPT
Repeat for each network you want to allow to communicate (don't forget to allow the target networks to communicate back). You can also explicitly deny networks from communicating. For example, if you don't want network 2 to communicate with network 1:
iptables -A FORWARD -i eth2 -o eth1 -j REJECT
Also remember that you will probably have to modify your routing table, so that the Linux box will know where to route packets. If you need some more specific info, check out the NAT howto at www.netfilter.org and the iptables and route man pages.
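
The three rules above combined into one ordered rule set, as an added example that is not part of the original answer. The emit_rules function and its "in:out:dest" argument format are hypothetical, and the conntrack ESTABLISHED,RELATED rule is an addition the answer does not mention: it lets replies from network 2 reach network 1 while the REJECT still blocks connections that network 2 tries to open. The script only prints the commands and rejects a spec whose deny entry would be shadowed by an earlier ACCEPT.

```shell
#!/bin/sh
# Added example: prints (does not apply) an ordered iptables rule set.
# Interface names and subnets are constructed sample values.
EXT_IF="eth0"

# emit_rules ALLOW DENY   (hypothetical helper)
#   ALLOW: space-separated "in_if:out_if:dest_cidr" one-way permissions
#   DENY:  space-separated "in_if:out_if" pairs that may not open connections
emit_rules() {
    allow_list=$1
    deny_list=$2

    # Rules are evaluated in order: a REJECT appended after an ACCEPT for
    # the same interface pair would never match, so refuse that spec.
    for d in $deny_list; do
        for a in $allow_list; do
            case $a in
                "$d":*) echo "conflict: $d is both allowed and denied" >&2
                        return 1 ;;
            esac
        done
    done

    # NAT for everything leaving through the external interface.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE"

    # Assumption (not in the answer): accept packets belonging to already
    # accepted connections first, so REJECT below stops only new connections.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    for a in $allow_list; do
        in_if=${a%%:*}
        rest=${a#*:}
        echo "iptables -A FORWARD -i $in_if -o ${rest%%:*} -d ${rest#*:} -j ACCEPT"
    done

    for d in $deny_list; do
        echo "iptables -A FORWARD -i ${d%%:*} -o ${d#*:} -j REJECT"
    done
}

# Network 1 (eth1) may reach network 2 (eth2, 10.2.0.0/16);
# network 2 may not initiate connections to network 1.
emit_rules "eth1:eth2:10.2.0.0/16" "eth2:eth1"
```

Review the printed commands, then pipe the output to sh as root to apply them.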