Tuesday, December 10, 2013

Cisco 3560 Routing Between Vlans



I have got a Cisco WS-C3560V2-24TS-S which I use as my core switch; it is set up with multiple VLANs and IP ranges.

I am trying to get the 10.0.10.x IP range to be able to communicate with the 192.168.4.x range. My routing table is below and shows everything as I believe it should, but when I try to ping from the 10.0.10.x range it fails. Anyone have any ideas? Do I need to do anything different as I am using VLAN tagging?
do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.16.0 is directly connected, Vlan30
C    192.168.4.0/24 is directly connected, Vlan1
     10.0.0.0/24 is subnetted, 3 subnets
C       10.0.10.0 is directly connected, Vlan20
C       10.1.1.0 is directly connected, Vlan100
C       10.0.0.0 is directly connected, Vlan10
     150.150.0.0/21 is subnetted, 1 subnets
C       150.150.0.0 is directly connected, Vlan40


Then yes, you need the static route on the host to point to 192.168.4.253, as that is the gateway for VLAN 1 (directly attached network). Even if you add a static route on the router (192.168.4.254) saying that all other VLANs are accessed via a static route to 192.168.4.253, this will cause TCP half sessions.

Example (assuming that no static route to 192.168.4.253 exists on the 192.168.4.10 host): if 10.0.10.10 sends a TCP SYN packet to 192.168.4.10, the packet is sent via the default gateway (10.0.10.254). A routing table lookup is conducted on the 3560; the 192.168.4.0/24 network is directly attached via VLAN 1, an ARP lookup is executed for 192.168.4.10 to obtain the MAC address to build the layer 2 frame, it is located, and the packet is forwarded out directly via VLAN 1.

The issue is on the return (TCP SYN): 192.168.4.10 sends a TCP SYN packet back to 10.0.10.10, so the packet is sent to the GW, 192.168.4.254. A routing table lookup is conducted and the route is via 192.168.4.253, so the packet is forwarded to the WS-C3560X-24P-L. The 10.0.10.0/24 is directly attached on the 3560, an ARP lookup is executed for 10.0.10.10 to obtain the MAC address to build the layer 2 frame, it is located, and the packet is forwarded out directly via VLAN 20, addressed directly to 10.0.10.10 and NOT sent back to 192.168.4.254, where the path of the TCP packet originated from. Any SPI firewall will typically drop the TCP SYN packet as it does not have an entry in its SPI table for any SYN sessions from the originating host. In some cases you can disable SYN checking, but this might cause unforeseen issues.

At any rate, best practice dictates creating another VLAN for your Internet traffic (VLAN 2) and moving the link over to that VLAN; then you can use the 3560 as the aggregate gateway for all your traffic (local and traffic destined to the Internet). The addition of the static route on the host is required for the topology you currently have.
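
The asymmetric path described in the answer is easiest to see by tracing each packet hop by hop. The following Python model is an added example, not code from the thread or from Cisco: it builds the topology from the addresses the answer states (192.168.4.253 and 10.0.10.254 on the 3560, 192.168.4.254 as the VLAN 1 host's gateway, a static route for 10.0.10.0/24 on the firewall pointing at the 3560) and plays out the SYN and its reply through a longest-prefix-match forwarder and a stateful firewall. It goes a step beyond the thread by also modelling the suggested design, with the firewall alone on an assumed VLAN 2 subnet (192.168.2.0/24), documentation-range public addresses (203.0.113.0/30, 198.51.100.10) and an "internet" node whose routes back to private space stand in for the firewall's NAT, which is not modelled.

```python
"""Hop-by-hop trace of a TCP SYN and its reply between 10.0.10.10 (VLAN 20)
and 192.168.4.10 (VLAN 1) through the 3560 and a stateful firewall.
Constructed model of the thread's topology, not Cisco code."""
import ipaddress


class Node:
    """A host, the 3560, or the firewall: interface addresses plus static routes."""

    def __init__(self, name, addrs, routes=(), stateful=False):
        self.name = name
        self.ifaces = [ipaddress.ip_interface(a) for a in addrs]
        self.routes = [(ipaddress.ip_network(p), ipaddress.ip_address(nh))
                       for p, nh in routes]
        self.stateful = stateful
        self.sessions = set()          # (src, dst) pairs whose SYN this box saw

    def owns(self, ip):
        return any(ip == i.ip for i in self.ifaces)

    def next_hop(self, dst):
        """Longest-prefix match; a connected network hands the packet to dst itself."""
        cands = [(i.network.prefixlen, dst) for i in self.ifaces if dst in i.network]
        cands += [(n.prefixlen, nh) for n, nh in self.routes if dst in n]
        return max(cands, key=lambda c: c[0])[1] if cands else None

    def permits(self, src, dst, syn):
        """Stateful inspection: a SYN opens a session, a reply needs a matching one."""
        if not self.stateful:
            return True
        if syn:
            self.sessions.add((src, dst))
            return True
        return (dst, src) in self.sessions


def trace(nodes, src, dst, syn):
    """Forward one packet from the node that owns src; return (path, verdict)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    by_ip = {i.ip: n for n in nodes for i in n.ifaces}
    node, path = by_ip[src], []
    for _ in range(8):                 # TTL guard against routing loops
        path.append(node.name)
        if not node.permits(src, dst, syn):
            return path, "dropped by " + node.name
        if node.owns(dst):
            return path, "delivered"
        nh = node.next_hop(dst)
        if nh is None or nh not in by_ip:
            return path, "no route at " + node.name
        node = by_ip[nh]
    return path, "ttl exceeded"

def handshake(nodes, a, b):
    """SYN from a to b, then b's SYN-ACK back; returns both (path, verdict) pairs."""
    return trace(nodes, a, b, syn=True), trace(nodes, b, a, syn=False)

def current_topology():
    """The thread's setup: the VLAN 1 host defaults to the firewall, not the 3560."""
    core = Node("core3560", ["192.168.4.253/24", "10.0.10.254/24"])
    fw = Node("firewall", ["192.168.4.254/24"],
              [("10.0.10.0/24", "192.168.4.253")], stateful=True)
    pc_a = Node("10.0.10.10", ["10.0.10.10/24"], [("0.0.0.0/0", "10.0.10.254")])
    pc_b = Node("192.168.4.10", ["192.168.4.10/24"], [("0.0.0.0/0", "192.168.4.254")])
    return [core, fw, pc_a, pc_b]

def with_host_route():
    """Same, plus the static route on 192.168.4.10 that the answer calls for."""
    nodes = current_topology()
    pc_b = next(n for n in nodes if n.name == "192.168.4.10")
    pc_b.routes.append((ipaddress.ip_network("10.0.10.0/24"),
                        ipaddress.ip_address("192.168.4.253")))
    return nodes

def uplink_vlan_topology():
    """Suggested design: firewall alone on VLAN 2 (assumed 192.168.2.0/24), the
    3560 is every host's gateway, and the firewall reaches the inside via the 3560."""
    core = Node("core3560", ["192.168.4.253/24", "10.0.10.254/24", "192.168.2.2/24"],
                [("0.0.0.0/0", "192.168.2.1")])
    fw = Node("firewall", ["192.168.2.1/24", "203.0.113.2/30"],
              [("10.0.0.0/8", "192.168.2.2"), ("192.168.0.0/16", "192.168.2.2"),
               ("0.0.0.0/0", "203.0.113.1")], stateful=True)
    # ISP router and a public web server collapsed into one node (assumed addresses);
    # its routes back to RFC 1918 space stand in for the firewall's NAT, not modelled.
    net = Node("internet", ["203.0.113.1/30", "198.51.100.10/32"],
               [("10.0.0.0/8", "203.0.113.2"), ("192.168.0.0/16", "203.0.113.2")])
    pc_a = Node("10.0.10.10", ["10.0.10.10/24"], [("0.0.0.0/0", "10.0.10.254")])
    pc_b = Node("192.168.4.10", ["192.168.4.10/24"], [("0.0.0.0/0", "192.168.4.253")])
    return [core, fw, net, pc_a, pc_b]

if __name__ == "__main__":
    for label, build in [("current", current_topology), ("host static route",
                         with_host_route), ("uplink VLAN", uplink_vlan_topology)]:
        fwd, back = handshake(build(), "10.0.10.10", "192.168.4.10")
        print(f"{label:18} SYN {fwd}  reply {back}")
    fwd, back = handshake(uplink_vlan_topology(), "10.0.10.10", "198.51.100.10")
    print(f"{'uplink VLAN, web':18} SYN {fwd}  reply {back}")
```

Run as a script it prints one line per scenario. In the thread's topology the SYN goes 10.0.10.10 → core3560 → 192.168.4.10 while the reply goes 192.168.4.10 → firewall and stops there, because the firewall's session table never saw the SYN. With the host static route, or with the firewall moved to its own uplink VLAN, both directions stay on the 3560 and the firewall is not in the path at all; in the uplink design the firewall still sees both directions of Internet-bound traffic, which is the "aggregate gateway" arrangement the answer recommends.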
