Need Solution for Private Peering Express Route in azure issues

I have Hub Spoke VNet Architecture and and express route attached to my hub VNet. I want to understand following points and see if there's something that can be done to solutionize this ?

1. Since Express Route is private peering and attached to hub VNet all my VNets are published over express route, Is there's a way i can restrict what needs to be published and what not over express route from azure.
2. I want to publish Public IP over express route and NAT Inbound connection to private IP. For this i tried setting up some network but i Guess its getting dropped. Can you please suggest what is wrong with this . enter image description here

If you don't want a specific vNet to route traffic over the express route then you need to override the Express Route routes with a more specific route table. In the vNet you can do this by attaching an Azure Route Table with a default route going out to the internet, for your on-premises resources you would need to configure this using whatever network stack you are using.

Your second issue is likely down to asymmetric routing. Traffic is coming in your public IP, but out your Express Route. You would need to configure routing for that vNet to send the appropriate traffic directly out to the internet.